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Introduction 

Classical  planning  problems  have  the  following  form:  given  a  set  of  goals,  a  set  of  actions,  and  a 
description  of  the  initial  state  of  the  world,  find  a  sequence  of  actions  that  will  transform  the  world 
from  any  state  satisfying  the  initial-state  description  to  one  that  satisfies  the  goal  description.  In 
principle,  a  problem  of  this  type  may  be  solved  by  a  very  simple  procedure:  merely  enumerate  all 
possible  sequences  of  actions  and  test  each  until  one  is  found  that  achieves  the  intended  goals.  By 
this  procedure,  we  will  eventually  find  a  solution  if  one  exists.  However,  in  practice,  not  only  do 
we  want-  to  find  a  solution,  we  want-  to  do  so  expeditiously.  Quick  and  efficient  problem  solving 
is  desirable  primarily  for  reasons  of  economy:  the  less  time  it  takes  to  solve  a  problem,  the  more 
productive  one  can  be.  Furthermore,  in  some  situations,  the  time  it  takes  can  mean  the  difference 
between  success  and  failure,  as  is  the  case  when  the  problem  is  part  of  a  scholastic  exam  or  when 
the  problem  is  to  prevent  meltdown  in  a  nuclear  reactor. 

Previous  work  aimed  at  developing  efficient  planning  techniques  has  been  highly  experimental 
in  nature,  the  standard  methodology"  being  to  explore  ideas  by  constructing  computer  programs. 
For  the  most  part,1  very  little  theoretical  analysis  has  been  done  to  determine  why  the  programs 
work,  when  they  are  applicable,  and  whether  theyr  can  be  generalized  to  solve  larger  classes  of 
problems. 

In  my  thesis  [8],  I  venture  to  the  opposite  extreme  and  examine  the  question  of  efficient  planning 

from  a  rigorous,  mathematical  standpoint.  My  analysis  is  based  on  the  premise  that  one  of  the 

main  impediments  to  efficient  planning  is  search,  and  that  exhaustive  search  can  be  avoided  only  if 

1  The  exceptions  to  this  are  Warren's  analysis  of  his  WARPLAN  program  [17]  and,  just  recently,  Chapman's  logical 
reconstruction  of  nonlinear  planning  [2,  3],  Warren’s  analysis  is  primarily  concerned  with  proving  the  correctness 
of  WARPLAN.  Chapman,  on  the  other  hand,  has  analyzed  previous  work  in  nonlinear  planning  and,  on  the  basis 
of  this  analysis,  has  constructed  a  program  called  TWEAK  that  is  provably  correct. 
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the  problem  being  solved  has  properties  that  can  be  exploited  to  constrain  the  search.  Accordingly, 
my  methodology  has  been  to  construct  a  mathematical  framework  in  which  to  study  planning 
problems,  to  explore  this  framework  for  theorems  that  can  be  used  to  constrain  the  search  for  a 
solution,  and  then  to  construct  planning  techniques  based  on  the  theorems  found.  The  techniques 
are  described  in  precise,  mathematical  terms  and  are  capable  of  solving  any  problem  that  may  be 
expressed  in  the  framework,  provided  a  solution  exists.  While  the  techniques  may  be  implemented 
in  a  straightforward  manner,  there  are  a  number  of  implementational  issues  identified,  but  not 
addressed,  in  my  thesis  that  need  to  be  resolved  before  an  efficient  program  can  be  obtained. 

Although  we  have  been  working  independently  and  in  parallel,  my  work  can  be  viewed  as 
a  significant  extension  of  work  resently  reported  by  Chapman  [2,  3].  While  our  approaches 
are  similar,  the  framework  I  have  developed  encompasses  a  much  broader  class  of  problems 
and  addresses  some  of  the  representational  issues  that  Chapman  identifies.  In  addition,  I  have 
been  able  to  unify  many  more  ideas  in  automatic  planning  and  show  how  they  arise  from  first 
principles.  These  ideas  include  not  only  nonlinear  planning  [11,  12,  15,  19],  means-ends  analysis 
[*f],  and  opportunistic  planning  [6],  which  are  incorporated  into  Chapman’s  technique,  but  also 
goal  protection  [H,  16,  17],  goal  regression  [9,  16],  constraint  formulation  and  propagation  [12], 
and  hierarchical  planning  [10,  11,  12,  15,  19]. 

This  report  is  intended  to  provide  a  glimpse  of  my  thesis  research.  Only  about  a  quarter  of 
the  topics  presented  in  my  thesis,  however,  are  covered  here.  It  would  therefore  appear  advisable 
at  this  point  to  summarize  the  topics  I  have  included  and  those  I  have  not. 

In  the  next  chapter,  an  intuitive  explanation  of  the  mathematical  framework  is  provided  and 
a  language  introduced  for  describing  the  effects  of  an  action.  In  the  framework  presented  here, 
actions  are  assumed  to  be  deterministic — in  the  sense  that  performing  an  action  transforms  the 
world  from  its  current  state  to  a  uniquely  determined  succedent  state.  The  synthesis  techniques, 
however,  do  not  require  determinism,  and  in  my  thesis  I  present  a  more  general  framework  that 
permits  actions  to  be  nondeterministic. 
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The  language  for  describing  actions  is  interesting  in  that  it  combines  the  generality  of  the 
situation  calculus  [7]  with  the  notational  convenience  of  STRIPS  [5].  This  allows  the  frame  problem 
of  the  situation  calculus  to  be  circumvented  to  the  same  extent  that  it  can  be  done  in  STRIPS. 
As  1  show  in  my  thesis,  but  not.  in  this  report,  any  problem  that  can  be  described  in  the  situation 
calculus  has  an  equivalent  formulation  using  this  language,  and  vice  versa — with  the  restriction 
that  the  problem  specification  contain  only  a  description  of  the  initial  state,  a  description  of  the 
goal  state,  and  a  description  of  the  allowable  actions.  Also,  in  my  thesis,  I  extend  the  syntax  of 
the  language  to  enhance  the  parsimony  of  action  descriptions.  For  example,  the  description  of  the 
Put  operator  presented  in  Section  2.2  could  be  rewritten  in  the  extended  language  as  follows: 

Put(;;.f/) 

PRECOND:  P^q,  p  7^  TABLE,  Vj:  (-1  0n(2,p)),  [q  —  TABLE  V  Vir(-«  On(2,qr))] 

ADD:  Onfp,^) 

DELETE:  On(p,  2)  for  all  2  such  that  2  7^  q 

Chapter  2  also  shows  how  the  correctness  conditions  for  a  plan  may  be  expressed  in  terms  of 
regression  operators,  and  how  regression  operators  may  be  constructed  from  action  descriptions. 
The  regression  equations  presented  here,  though,  tend  to  produce  rather  long  formulas  that  may 
often  be  reduced  to  much  simpler  ones.  In  my  thesis,  I  show  how  to  add  simplification  rules  to 
the  regression  equations  to  overcome  this  problem.  The  thesis  also  presents  a  number  of  theorems 
on  regression  operators  that  do  not  appear  in  this  report.,  including  a  theorem  that  characterizes 
the  kinds  of  actions  that  may  be  described  in  the  language  in  terms  of  the  regression  operators  for 
those  actions. 

Chapter  3  of  this  report  shows  how  a  simple  planning  technique  may  be  derived  from  a  par¬ 
ticular  theorem  of  the  classical  planning  problems.  The  technique  combines  aspects  of  means-ends 
analysis,  opportunistic  planning,  goal  protection,  goal  regression,  and  constraint  formulation  and 
propagation  (what  Stefik  called  constraint  formulation  and  propagation  corresponds  to  secondary 
preconditions  and  regression  in  my  framework).  In  my  thesis,  1  expand  the  technique  hy  incor¬ 
porating  partially  ordered  (i.e.,  nonlinear)  plans,  instantiation  variables  (i.e.,  formal  objects),  and 
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a  variant  of  hierarchical  planning  in  which  abstract  operators  are  constructed  dynamically.  These 
devices  have  the  effect  of  introducing  the  principle  of  least-commitment,  as  they  are  used  to  defer 
search  as  long  as  possible.  In  addition,  in  my  thesis,  I  remove  the  various  assumptions  that  are 
incorporated  into  the  technique  presented  here,  such  as  the  assumption  that  the  initial  state  is 
completely  known. 
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In  formalizing  the  classical  planning  problems,  we  shall  draw  a  distinction  between  a  state  of 
the  w'orld  and  a  description  of  a  state.  The  state  of  the  world  is  an  abstract  concept  referring 
to  the  totality  of  all  that  is  true  of  the  world  and  all  that  is  false.  To  know  the  state  is  to  be 
omniscient.  A  description,  on  the  other  hand,  is  more  concrete:  it  is  a  collection  of  facts  about 
the  state  expressed  in  some  language.  Furthermore,  a  description  need  not  be  complete:  certain 
details  might  be  left  out,  either  because  they  are  not  known  or  because  they  are  thought  to  be 
unimportant.  Hence,  there  can  be  more  than  one  state  satisfying  a  given  description. 

The  distinction  between  states  and  state  descriptions  is  not  new.  For  example,  the  distinction 
was  made  by  McCarthy  and  Hayes  in  developing  their  situation  calculus  [7],  The  reason  for 
emphasizing  it  here  is  that  it  is  crucial  to  the  proper  characterization  of  actions.  Since  actions  are 
assumed  to  alter  the  world  in  a  deterministic  fashion,  performing  an  action  will  transform  the  world 
from  one  state  to  a  uniquely  determined  succedent  state.  Actions  can  therefore  be  characterized 
as  functions  mapping  states  of  the  world  into  other  states  of  the  world.  This  is  the  traditional 
view  of  actions,  yet,  when  implementing  practical  planning  systems,  many  researchers  have  chosen 
to  characterize  actions  as  functions  that  map  a  description  of  one  state  into  a  description  of  its 
successor  state.  In  Section  2.3  we  will  see  that  there  appear  to  be  actions  for  which  the  description 
of  the  succedent  state  would  have  to  be  infinite  to  reflect  all  of  the  state  changes  in  their  entirety. 
This  is  unacceptable  from  a  practical  standpoint.  Hence,  systems  that  treat  actions  as  functions 
on  state  descriptions  must  necessarily  limit  the  range  of  problems  they  can  solve.  None  of  this  is 
an  issue,  however,  when  actions  are  treated  as  functions  on  states. 
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2.1  FIRST-ORDER  LOGIC  FORMALIZATION 

The  formalization  of  states,  state  descriptions,  and  actions  that  will  now  be  presented  is  based 
on  first-order  logic.  First-order  logic  was  chosen  because  it  provides  a  very  genera!  framework 
for  expressing  and  solving  classical  planning  problems.  In  this  formalization,  states  are  identified 
with  algebraic  structures,  state  descriptions  with  well-formed  formulas,  and  actions  with  functions 
on  algebraic  structures.  An  algebraic  structure  is  a  complete  account  of  which  relations  hold 
among  which  objects,  and  thus  determines  the  truth  value  of  every  formula  in  the  language. 
An  algebraic  structure  therefore  corresponds  to  the  notion  of  a  state  in  that  both  represent  the 
totality  of  all  that  is  true  and  all  that  is  false.  Well-formed  formulas  are  used  to  describe  facts 
about  algebraic  structures;  hence,  the  relationship  between  algebraic  structures  and  well-formed 
formulas  is  identical  to  the  relationship  between  states  and  state  descriptions.  Consequently,  it 
seems  natural  to  equate  states  with  algebraic  structures  and  state  descriptions  with  well-formed 
formulas.  Actions  become  formally  characterized  as  functions  on  structures  as  a  consequence  of 
equating  states  with  structures.  In  keeping  with  tradition,  we  will  refer  to  actions  in  this  framework 
as  operators  so  as  to  distinguish  between  the  formal  characterization  of  an  action  and  the  event 
that  actually  takes  place  in  the  “real  world.'’ 

Let  us  consider  how  a  planning  problem  would  be  stated,  given  the  above  formalization. 
Initial-state  and  goal  descriptions  are  both  descriptions  of  states  and,  hence,  arc  expressed  as  sets 
of  well-formed  formulas.  Thus,  we  will  have  a  set  of  formulas  V  describing  the.  initial  state  and 
a  set  G  describing  the  goal  state.  Operators  are  described  in  two  parts.  The  first  part  states 
the  preconditions  that  must,  be  met  before  the  operator  can  be  applied.  For  example,  in  many 
block-stacking  problems,  a  block  can  be  moved  only  if  no  other  block  is  on  top  of  it.  Preconditions 
are  just  state  descriptions  and,  hence,  are  expressed  as  a  set  of  well-formed  formulas  rr. 

The  second  part  of  an  operator  description  is  a  description  of  a  function  on  algebraic  struc¬ 
tures.  This  function  defines  how  the  operator  affects  the  state  of  the  world  when  it  is  applied. 
Unfortunately,  there  is  no  standard  way  of  expressing  functions  on  structures,  as  they  are  not-  an 
integral  part  of  first-order  logic.  An  appropriate  language  for  specifying  operators  must  therefore 
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be  developed.  Before  considering  how  to  construct  such  a  language,  we  need  to  examine  the  notion 
of  a  structure  more  closely.  An  algebraic  structure  consists  of  the  following  elements: 

(1)  A  nonempty  set  (class)  of  objects  D  called  the  domain  of  the  structure. 

(2)  An  n-ary  relation  r  on  D  (i.e.,  a  set-theoretic  relation  with  n  arguments  whose  components 
are  elements  of  D)  for  every  n-ary  relation  symbol  R. 

(3)  An  n-ary  function  f  on  D  for  every  n-ary  function  symbol  F. 

(4)  A  distinguished  object  c  in  D  for  every  constant  symhol  C. 

The  relation/function/object  associated  with  symbol  R/F /C  is  called  the  interpretation  of  R/F /C . 
As  an  example,  suppose  that  we  have  a  blocks  world  consisting  of  a  TABLE  and  three  blocks  A, 
8,  and  C,  where  blocks  A  and  B  are  resting  on  the  TABLE  and  block  C  is  stacked  on  top  of  block 
A.  Suppose,  further,  that  our  language  for  talking  about  this  world  has  four  constant  symbols, 
A.  B.  C,  and  TABLE,  corresponding  to  the  objects  in  the  world,  and  one  relation  symbol  On, 
where  On(i,y)  means  that  x  is  on  top  of  y.  Then  the  structure  representing  this  world  would  have 
{A,  B.  C,  TABLE)  as  its  domain,  A  as  the  interpretation  of  A,  5  as  the  interpretation  of  B,  C  as  the 
interpretation  of  C,  TABLE  as  the  interpretation  of  TABLE,  and  {{./?,  TABLE), (B,  TABLE),  (C,  il)} 
as  the  interpretation  of  On.  Viewed  semantically,  x  is  on  top  of  y  if  and  only  if  the  ordered  pair 
(x,y)  appears  in  the  interpretation  of  On. 

To  arrive  at  a  practical  way  of  specifying  functions  on  structures,  we  shall  place  a  number 
of  restrictions  on  the  kinds  on  functions  that  may  be  defined.  The  first  restriction  is  that  a 
function  may  not  alter  the  domain  of  a  structure.  That  is,  if  >1  is  a  structure  and  /  is  a  function 
on  structures,  then  the  domain  of  f(M)  is  identical  to  the  domain  of  M.  This  restriction  is  of 
concern  only  when  we  wish  to  describe  the  effects  of  an  action  that  creates  or  destroys  objects 
in  the  world.  An  example  of  such  an  action  would  be  the  GENSYM  function  in  LISP,  which 
creates  new  LISP  atoms.  The  difficulty  here  is  that  the  restriction  prevents  us  from  modeling  the 
creat  ion  and  destruction  of  objects  by  adding  and  deleting  elements  of  the  domain.  However,  we 
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can  obtain  the  same  effect  by  introducing  a  unary  relation,  say  U,  where  U{x)  is  true  if  and  only 
if  x  “actually”  exists.  The  domain  of  the  structure  would  include  all  objects  that  could  possibly 
exist;  objects  would  be  “created”  and  “destroyed”  by  modifying  the  interpretation  of  U.  Note  that 
this  is  precisely  how  GENSYM  is  implemented  in  a  real  computer:  GENSYM  does  not  create  LISP 
atoms  “out  of  thin  air,”  but  rather  it  locates  an  area  of  unused  memory  and  claims  it  for  use  as  a 
new  atom.  Clearly,  the  restriction  that  an  operator  must  preserve  the  domain  of  a  structure  does 
not  affect  the  kinds  of  behavior  that  may  be  considered;  it  only  influences  the  way  in  which  the 
behavior  is  simulated. 

The  second  restriction  is  that  a  function  on  structures  may  not  alter  the  language  used  to 
describe  the  world.  That  is,  relation,  function,  and  constant  symbols  may  neither  be  introduced  nor 
eliminated  by  an  operator.  This  restriction  is  implicit  in  all  work  done  in  planning  to  date.  It  has 
never  been  stated  explicitly,  since  it  is  hard  to  imagine  a  situation  it  which  altering  the  language 
would  make  any  sense.  Yet,  if  one  really  wanted  to,  one  could  obtain  the  effect  of  modifying  the 
language  by  introducing  relations,  functions  and  constants  as  objects  in  the  domain  (axiomatic  set 
theory  [13]  provides  a  convenient  way  of  doing  this)  and  then  “creating”  and  “destroying”  them 
in  a  manner  similar  to  that  described  in  the  preceding  paragraph. 

The  motivation  for  this  second  restriction  is  that  it  allows  a  function  on  structures  to  be 
decomposed  into  a  collection  of  functions — one  function  for  each  relation  symbol,  function  symbol, 
and  constant  symbol.  Each  function  in  the  collection  defines  the  interpretation  of  the  corresponding 
symbol,  in  the  succedent  state,  in  terms  of  the  state  of  the  world  that  existed  prior  to  the  application 
of  the  operator.  In  other  words,  if  fs  is  the  function  corresponding  to  symbol  S  and  if  M  is  the 
structure  defining  the  current  state  of  the  w'orld,  then  the  interpretation  of  S  in  the  succedent 
state  is  given  by  /$(. M). 

To  provide  a  way  of  specifying  these  functions,  let  us  introduce  our  third  and  final  restric¬ 
tion:  each  function  must  be  representable  as  a  well-formed  formula.  That  is,  each  function  fs 
corresponding  to  symbol  S  is  defined  by  a  well-formed  formula  <p$  such  that 

(1)  For  each  n-ary  relation  symbol  R,  R(xlt . . . ,  xn)  is  true  in  the  succedent  state  if  and  only 
if  <pn(x  i, . . .  ,xn)  wras  true  previously  (where  xi, . . . ,  xn  are  the  free  variables  of  <p/t) 
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(2)  For  each  ?i-ary  function  symbol  F,  F(x  . . . ,  xn)  =  w  is  true  in  the  succedent  state  if  and 
only  if  (pp{xi, . . . ,  xn,  w)  was  true  previously. 

(3)  For  each  constant  symbol  C,  C  =  w  is  true  in  the  succedent  state  if  and  only  if  tpc(w) 
was  true  previously. 

For  example,  suppose  we  have  an  operator  that  places  block  B  on  top  of  block  C.  After  this 
operator  is  applied,  B  becomes  situated  on  top  of  C  and  every  block  except  B  remains  where  it 
was.  Therefore,  On(:r,  y)  is  true  after  the  application  of  the  operator  if  and  only  if  [x  =  B  A  y  = 
C)  V(i^  B  AOn(x,y))  was  true  previously.  In  other  words,  the  interpretation  of  On  in  the 
succedent  state  is  the  set  of  ordered  pairs  {x,y)  such  that  (x  =  B  A  y  —  C)V  {x  jA  B  A  On(i,y))  is 
true  in  the  current  state.  If  this  operator  were  applied  to  the  blocks  world  described  earlier,  w'here 
the  interpretation  of  On  was  {{.4,  TABLE), {B,  TABLE),  {C,  .4)},  the  resulting  interpretation  of  On 
would  then  be  {{/,  TABLE),  (C,  A),  {B,  C)>. 

With  the  planning  technique  discussed  later  in  this  paper,  it  is  important  to  know  exactly  what 
modifications  an  operator  makes  in  a  structure  to  select  the  appropriate  operators  for  achieving  the 
intended  goals.  Therefore,  we  shall  express  the  <pR  s,  <pr' s  and  <pc's  defined  above  in  terms  of  other 
formulas  that  make  the  modifications  explicit  and  then  deal  exclusively  with  these  other  formulas. 
For  relation  symbols,  this  means  expressing  each  <pr  associated  with  an  operator  a  in  terms  of  two 
other  formulas,  qr  and  5r,  which,  respectively,  describe  the  additions  to  and  the  deletions  from 
t  he  interpretation  of  R:  if  ct/^aq, . . . ,  xn)  is  true  when  operator  a  is  applied,  the  tuple  (sq, . . .  ,xn) 
is  added  to  the  interpretation  of  R,  and  if  &r{xi  , . . . ,  xn)  is  true  then  {x\, . . .  ,xn)  is  deleted  from 
the  interpretation  of  R.  For  this  to  make  sense,  . . . ,  xn)  and  . . . ,  x„)  cannot  be  true, 

simultaneously,  as  we  are  not  requiring  that  the  additions  and  deletions  be  performed  in  any 
particular  order.  Given  or  and  R{x\ , . . . ,  xn)  is  true  after  operator  a  is  applied  if  and  only  if 

V  (-1  fa{xx , . . . ,  x„)  A  i?(ii, . . . ,  x„))  (2.1) 

was  true  beforehand.  In  other  words,  {x\, . . .  ,xn)  is  in  the  interpretation  of  R  after  applying  a  if 
and  only  if  it  was  added  or  it  was  in  the  interpretation  of  R  beforehand  and  not  deleted.  Formula 
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(2.1)  is  therefore  equivalent  to  <pr.  Note  that  appropriate  n/j’s  and  Sr's  can  be  found  to  make 
(2.1 )  equivalent  to  tpR  for  any  arbitrary  <pr.  For  example,  we  can  let  qr(ii  , . . . ,  xn )  be  the  formula 
<Pr{x^,  ■  •  ■  ,xn)  and  Sr(xx  , . . . ,  xn)  be  ->  <pr(x  i,  . ..  ,xn).  For  efficient  problem  solving,  though, 
and  Sr  should  be  chosen  to  reflect  the  actual  additions  to  and  deletions  from  the  interpretation  of 
R.  For  example,  for  the  block-stacking  operator  described  previously,  a  suitable  »on(i,!/)  would 
be  (x  =  B  A  y  —  C)  and  a  suitable  fon^y)  would  be  (i  =  fl  A  y  ^  C).  Note  that  fon^y) 
cannot  be  (a:  =  B),  since  tton(i,y)  and  (5on(I>y)  are  not  allowed  to  be  true  simultaneously. 

The  formulas  defining  the  interpretations  of  the  function  symbols  in  the  succedent  state  can  be 
restructured  in  much  the  same  way  as  the  formulas  for  relation  symbols.  In  the  case  of  functions, 
though,  we  can  take  advantage  of  the  fact  that  a  function  must  be  defined  everywhere,  as  required 
by  the  definition  of  an  algebraic  structure.  Consequently,  F(xi, . . . ,  xn)  —  w  is  true  after  an 
operator  has  been  applied  if  and  only  if  the  operator  changed  the  value  of  F(xx, . . . ,  xn)  to  w 
or  the  operator  preserved  the  value  of  F{x\ , . . . ,  xn)  and  F(x j,...,xn)  =  w  was  true  previously. 
These  changes  can  be  described  by  a  single  formula  fip ,  where  ■  •  - ,  xn>  w)  is  true  if  and 

only  if  the  value  of  F(x i,...,xn)  is  to  be  updated  to  w  when  the  operator  is  applied.  Since 
functions  have  unique  values,  fip  must  have  the  property  that  either  there  is  a  unique  w  for  which 

fir(x  i . x„,  is  true  or  there  are  no  in's  for  which  (ir{xi,  . . .  ,xn,w)  is  true.  Given  such  a  pr, 

F[x i _ ,*,,)  =  w  is  true  after  the  operator  is  applied  if  and  only  if 

.  ,  Xn,1L>)  v  (-•  3u[/tF(xi,. .  .  ,  !„,«)]  A  F(x,, .  ..,xn)  =  w)  (2.2 a) 

was  true  previously;  that  is,  F(x =  w  is  true  after  the  operator  is  applied  if  and  only 
either  if  the  value  of  F(xj , . . . ,  x„)  was  updated  to  w,  or  F{x\, . . .  ,xn)  —  w  was  true  beforehand 
and  the  operator  preserved  the  value  of  F(x\, . . . ,  xn).  Formula  (2.2a)  is  therefore  equivalent  to 
<Pr.  As  with  aR  and  Sr,  an  appropriate  fip  can  be  found  to  make  (2.2a)  equivalent  to  <pp  for 
any  arbitrary  <pf  (e.g.,  let  hr(x\,  . . .  ,xn,w)  be  <pr(xi ,  •  •  ■ ,  xn,  '«•’))•  However,  for  efficient  problem 
solving,  iir  should  be  chosen  to  reflect  the  actual  updates  of  the  interpretation  of  F.  As  an 
example,  suppose  we  wished  to  model  the  assignment  statement  U  «—  V ,  where  U  and  V  are 
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program  variables.  To  do  so,  we  could  have  a  function  Val  mapping  program  variables  to  their 
values,  plus  an  operator  that  updates  Val((7)  to  be  the  value  of  Val(V).  An  appropriate  update 
condition  /*va  1(2,  w)  for  this  operator  would  then  be  (2  =  U  Aw  =  Val(V)). 

Constant  symbols  are  handled  in  exactly  the  same  way  as  function  symbols,  since  constants 
are  simply  functions  without  arguments.  Therefore,  C  =  w  is  true  in  the  succedent  state  if  and 
only  if 

Pci™)  V  (-1 3u[^c(f)]  AC  =  w)  (2.26) 

was  true  previously.  Note  that  Formula  (2.26)  is  simply  a  special  case  of  Formula  (2.2a). 

When  dealing  with  several  operators,  we  will  need  to  distinguish  the  add,  delete,  and  update 
conditions  of  one  operator  from  those  of  another.  This  we  will  do  by  using  superscripts:  we  will 
write  aR  and  baR  to  mean,  respectively,  the  add  and  delete  conditions  defining  the  interpretation  of 
relation  symbol  R  after  operator  a  is  applied,  and  we  will  write  pp  to  mean  the  update  condition 
defining  the  interpretation  of  function  symbol  F  after  the  application  of  operator  a  (likewise  for 
constant  symbols).  We  will  also  use  superscripts  to  distinguish  the  preconditions  of  one  operator 
from  those  of  anot  her.  Thus,  na  is  the  set  of  preconditions  of  operator  a. 


2.2  OPERATOR  SCHEMATA 

When  formulating  a  planning  problem,  one  quite  often  encounters  groups  of  operators  whose 
add,  delete,  and  update  conditions  would  be  identical  given  an  appropriate  substitution  of  terms. 
For  example,  the  operator  described  earlier  for  stacking  block  B  atop  block  C  has  as  its  add  and 
delete  conditions  for  On(x,  y)  the  formulas  {x  —  B  A  y  =  C)  and  (2  =  B  A  y  7^  C ),  respectively. 
Similarly,  an  operator  for  stacking  block  A  on  top  of  block  C  would  have  as  its  add  and  delete 
conditions  (2  =  A  A  y  =  C)  and  [x  =  A  Ay  7^  C).  These  formulas  are  identical  except  that, 
wherever  B  appears  in  one  pair  of  formulas,  A  appears  in  the  other.  Instead  of  requiring  that  each 
and  every  operator  in  such  a  group  be  defined  separately,  we  will  introduce  operator  schemata  so 
that  the  group  may  be  defined  collectively.  Schemata  allow  one  to  define  parametric  classes  of 
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operators  by  introducing  parameters  as  placeholders  for  terms  in  the  various  formulas  that  make 
up  an  operator  definition.  A  schema  is  then  specialized  to  a  particular  operator  by  substituting 
the  appropriate  terms  for  the  parameters.  For  example,  we  could  define  a  block-stacking  schema 
with  parameters  p  and  <7,  where  p  is  to  be  stacked  on  top  of  q.  The  add  and  delete  conditions  for 
On(x,  y)  in  the  schema  definition  would  then  be  (x  =  p  A  y  =  g)  and  (x  =  pAy  ^  g),  respectively. 
Substituting  D  for  p  and  C  for  q  yields  an  operator  that  stacks  block  B  on  top  of  block  C. 

It  would  be  useful  at  this  point  to  introduce  a  standard  notation  for  defining  operators  and 
operator  schemata.  This  notation  is  illustrated  below.  A  schema  definition  consists  of  the  name 
of  the  schema,  a  parameter  list,  and  four  groups  of  formulas  labeled  PRECOND,  ADD,  DELETE 
and  UPDATE.  If  the  parameter  list  is  empty,  the  schema  defines  a  single  operator. 


Nawe{p pm) 


PRECOND:  Jitlpt,.. 

■  >  Pm) i  •  *  •  i  ^n(p  1 1  •  • 

■  >  Pm) 

ADD: 

•  ,*m)  for  all  xu.. 

.,xni  such  that  a^( Xi,... 

j  %n 1 1  Pi  j • • 

•  •  iPm) 

•  i  xn2 )  for  all  xt,.. 

. ,  xni  such  that  a/tjx! ,... 

>  Xn2,  p i,  .  . 

■  i  Pm) 

DELETE:  Ri(xl}.. 

..*«,)  for  all  *i,.. 

.,xni  such  that  iJrJxi,..., 

1  Xn  i  tPl i •  ■ 

•  i  Pm) 

R?(xi,- ■ 

.,x„2)  for  all  x{,.. 

. ,  x„2  such  that  Sr2[x\ , . . . , 

X  n  2  *  P 1 1  •  ' 

•  >  Pm) 

UPDATE:  F, (*, . 

for  all  such  that  pFl(xu  . . . ,  xni,  w,pi , . . .  ,pm) 

Fo(xi,...,x„2)  *-  w 

for  all  xlt...,xn2,w  such  that  Pf2{xi,  . . . ,  z„2,  w,plt . . .  ,pm) 


The  PRECOND  group,  which  specifies  the  precondition  of  the  schema,  consists  of  a  set  of  well- 
formed  formulas  fi\{pi,  ■  ■  ■  ,P,n),  ■  ■  ■ ,  7r n(p\ , ,  pm)  whose  free  variables  are  the  schema  parameters. 
The  ADD  group  specifies  the  add  conditions  or  for  each  relation  symbol  R.  The  conditions  are 
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specified  by  a  set  of  statements  of  the  form 

“(add)  R{xlt...,xn)  for  all  xt,...,xn  such  that  aR{xi, . . .  ,xn,pu  . . .  ,pm)” 

where  the  x,'s  are  distinct  variables  and  are  different  from  the  parameters  pi,...,pm-  The  z,-’s, 
together  with  the  parameters,  constitute  the  free  variables  of  or.  The  format  of  the  DELETE 
group  is  identical  to  that  of  the  ADD  group.  The  DELETE  group,  however,  specifies  the  delete, 
conditions  Sr  for  each  relation  symbol  R.  The  UPDATE  group  specifies  the  update  conditions  }ip 
and  pc  for  each  function  symbol  F  and  each  constant  symbol  C  respectively.  These  conditions 
are  expressed  by  a  set  of  statements  each  of  which  is  of  the  form 

“(update)  F(xi,...,zn)  *—  w  for  all  xt  ,...,xn,w  such  that  Hr(xi, . . . ,  xn ,  w,pi, . . .  ,pmy 

for  function  symbols  or.  alternatively, 

“(update)  C  *-  w  for  all  w  such  that  pciw ,Pi,  ■  ■  ■ ,  Pm)" 

for  constant,  symbols.  As  with  the  ADD  and  DELETE  groups,  w  and  the  £,•'  s  are  distinct  variables 
and  are  different  from  the  parameters. 

As  an  example  of  what  an  actual  schema  might  look  like,  consider  the  following  schema,  which 
defines  a  class  of  operators  Put(p,ry)  for  stacking  block  p  on  top  of  q,  where  q  may  be  another  block 
or  the  table: 

Put(/;,<y) 

PRECOND:  p^q,  p^  TABLE,  Vc(-  On(*,p)),  [q  =  TABLE  V  V;(-  On(^,  c?))] 

ADD:  On(x,  y )  for  all  x,  y  such  that  [x  —  pAy=q] 

DELETE:  On(x,  y)  for  all  x,  y  such  that  (x  —  p  A  y  q) 

UPDATE:  A  *—  w  for  all  w  such  that  FALSE 
B  *—  w  for  all  w  such  that  FALSE 
C  <—  w  for  all  w  such  that  FALSE 
TABLE  <—  w  for  all  w  such  that  FALSE 
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The  precondition  states  that  p  and  q  must  be  distinct,  that  p  cannot  be  the  table,  that  no  object 

may  be  on  top  of  p,  and  that  either  q  must  be  the  table  or  no  object  may  be  atop  q.  These  are  the 

usual  constraints  one  finds  in  block-stacking  problems. 

Since  it  is  often  not  the  case  that  an  operator  will  modify  the  interpretation  of  every  symbol 
in  the  language,  we  will  introduce  the  following  notational  convention:  if  any  qr,  Sr,  pr  or  pc 
is  not  specified,  then  we  shall  take  it  to  be  the  formula  FALSE.  For  example,  Put.(p,g),  as  defined 
above,  does  not  modify  the  interpretations  of  A,  B,  C,  or  TABLE.  Therefore,  we  could  define 
Put(p,^)  more  succinctly  as  follows: 

Put(p,r /) 

PRECOND:  p  ^  q,  p  ^  TABLE,  Vz(^On(z,p)),  f q=  TABLE  V  Vz(^  On(z,q))] 

ADD:  On(z,  j/)  for  all  x,  y  such  that  {x  =  p  A  y  =  q) 

DELETE:  On(:r,  t/)  for  all  x,y  such  that  (i  =  pAy^  g) 

In  essence,  (lie  convention  is  to  presume  that  the  interpretation  of  a  symbol  is  not.  modified  unless 
specified  otherwise.  This  convention  has  all  the  benefits  of  the  “STRIPS  assumption”  [5];  however, 
because  it  is  merely  a  notational  convention  and  we  are  dealing  with  functions  on  states  and  not 
functions  on  state  descriptions,  it  has  none  of  the  drawbacks  of  the  STRIPS  assumption  [16], 

We  will  also  adopt  as  a  notational  convention  that,  if  no  preconditions  are  given  for  an  operator, 
then  the  precondition  is  taken  to  be  the  formula  TRUE.  In  other  words,  we  will  assume  that  the 
operator  may  be  applied  in  any  state. 

2.3  VALID  PLANS 

The  statement  of  a  planning  problem  consists  of  a  set  of  wreli-formed  formulas  T  describing 
the  initial  state  of  the  world,  a  set  of  formulas  G  describing  the  goals  to  be  achieved,  and  a  set  of 
operator  schemata.  The  object  is  to  find  an  appropriate  sequence  of  operators  (i.e.,  instantiated 
schemata)  that  will  transform  any  structure  satisfying  T  into  a  structure  that  satisfies  G.  We  shall 
call  such  a  sequence  of  operators  a  valid  plan  for  achieving  G ,  given  T,  or  simply  a  valid  plan  for 
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achieving  G  when  the  intended  T  is  understood.  This  section  examines  the  validity  conditions  in 
detail  and  explores  ways  of  testing  a  plan  for  validity. 

Two  conditions  must  hold  for  a  plan  to  be  valid:  first,  the  preconditions  of  an  operator  must 
be  satisfied  when  that  operator  is  applied;  second,  the  goals  must  be  satisfied  after  the  entire 
plan  has  been  executed.  To  state  these  conditions  more  precisely,  we  shall  introduce  the  following 
definitions.  Let  e  denote  the  empty  sequence — that  is,  the  sequence  containing  no  operators.  Let 
the  sequence  a  be  called  a  prefix  of  a  sequence  0  if  and  only  if  there  exists  a  sequence  7  such 
that  0  =  c r-j  (i.e.,  0  is  equal  to  the  concatenation  of  a  followed  by  7).  For  example,  the  prefixes 
of  the  sequence  ni«2,”an  are  «>  ai>  aia2,  aia2n3> ■ • • > aj n2‘ "an-  Finally,  let  us  write  T  {0}cp  to 
mean  that,  if  every  formula  in  the  set  T  is  true  before  tbe  sequence  of  operators  0  is  applied,  then 
the  formula  <p  will  be  true  after  0  is  applied.  More  formally,  if  we  let  a(,M)  denote  the  structure 
obtained  when  operator  a  is  applied  to  structure  X,  then 

(1)  r{(}p  holds  if  and  only  if  every  structure  satisfying  T  satisfies  p,  and 

(2)  F { n  j  no'  •  -a,,  }'p  bolds  iT  and  only  if  an  o  a„_j  o  •  •  •  o  a  1  ( )  satisfies  <p  for  every  structure 
M  satisfying  T, 

where  “o”  denotes  function  composition.  Given  the  above  definitions,  the  validity  conditions  may 
be  stated  as  follows:  0  is  a  valid  plan  for  achieving  G  given  T  if  and  only  if 

(1)  r{0}(7  holds  for  all  formulas  g  EG,  and 

(2)  For  every  prefix  era  of  0,  r{cr}ny  holds  for  every  formula  7 r,-  E  na,  where  a  is  an  operator 
and  is  the  set  of  preconditions  of  a. 

Unfortunately,  it  is  usually  not  possible  to  apply  the  definition  of  r{0}^  directly  when  testing  a 
plan  for  validity,  as  T  may  have  an  infinite  number  of  models.  What  we  need  to  do,  therefore,  is 
restate  the  definition  of  T{6}<p  in  terms  of  theorem  proving,  so  that  we  may  then  prove  the  validity 
of  a  plan  without  having  to  consider  the  models  of  T. 
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Progression  Operators 

We  will  consider  two  possible  ways  in  which  the  definition  of  T {0}<p  might  be  restated  in  terms 
of  theorem  proving.  The  first  approach  is  to  find  a  progression  operator  [9]  for  each  operator  a. 
Progression  operators  map  the  conditions  that  exist  before  an  action  is  performed  into  those  that 
exist  after  its  performance.  Thus,  if  a+1  is  the  progression  operator  for  a,  then  T{d}ip  holds  if  and 
only  if  'p  is  a  theorem  of  «  +  ,(r).  If  a  progression  operator  can  be  found  for  each  operator  a,  then 
the  definition  of  r{0}p  could  be  restated  as  follows: 

(1)  r{£}  <p  if  and  only  if  <p  is  a  theorem  of  T,  and 

(2)  r{«tfl2'  ■  if  and  only  if  tp  is  a  theorem  of  a*1  o  ■  •  •  o  a+’fr). 

Unfortunately,  progression  operators  have  a  major  problem:  while  it  is  possible  to  define  an 
appropriate  n+1  for  any  operator  a,  there  appear  to  be  operators  and  finite  T's  for  which  a  +  1(r) 
is  necessarily  infinite.  By  definition,  a  +  1  (T)  must  be  an  axiomati nation  of  the  set  of  postcondit  ions 
of  T;  that  is,  o+1(r)  must  axiomatize  {<p  |  r{a}£>}.  We  could  simply  define  a  +  1(r)  to  be  this  set, 
but  this  definition  is  not  practical,  as  the  set  of  postconditions  of  T  is  infinite:  for  computational 
reasons,  we  would  much  prefer  a  finite  axiomatization  of  the  postconditions.  Unfortunately,  there 
appear  to  be  cases  in  which  fbe  postconditions  cannot  be  axiomatized  finitely,  even  though  F  may 
be  finite.  For  example,  let  P  be  the  set  of  formulas 

Ql:  Vx(s(j)^0) 

Q2:  Vxy(s(x)  =  s{y)  —  x  =  y) 

Q3:  Vz(i  =  0  V  3y  (s(y)  =  z)) 

Q4:  Vi  (i  +  0  =  i) 

Q5:  Vi t/(a:  +  .s(i/)  =  s(x  +  y)) 

Q6:  Vi  (x  •  0  =  0) 

Q7:  Vxy(x  -  s(«/)  =  {x  *  y)  +  i) 

HI:  Vx(H{x)~  Jl(i)) 
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where  A(x)  is  a  formula  that  docs  not  contain  the  symbol  H,  and  let  a  be  the  operator  whose 
schema  is 

UPDATE:  x  4-  y  *—  w  for  all  x,  y,  w  such  that  w  =  0 
x  •  y  4 —  iv  for  all  x,  y,  w  such  that  w  =  0 

Formulas  Q1  through  Q7  are  essentially  the  axioms  of  Pcano  arithmetic  without  the  induction 
axioms.  Formula  HI  defines  the-  unary  relation  symbol  H  in  terms  of  0,  s,  4-,  and  •  by  means  of 
the  formula  which  will  be  described  below'.  Operator  a  leaves  the  interpretations  of  0,  s,  and 
H  unaltered,  but  redefines  4  and  •  to  be  zero  everywhere  after  a  is  applied  (i.e.,  x  +  y  =  x-  y  =  0 
for  all  x  and  y  in  the  succedent-  state).  Since  4-  and  •  would  no  longer  correspond  to  addition  and 
multiplication  after  a  is  applied,  it  seems  plausible  that,  if  A{x)  made  heavy  use  of  addition  and 
multiplication,  it  might  not  be  possible  to  finitely  axiomatizc  the  postconditions  involving  H.  Wc 
will  now  construct  an  A(x)  that  appears  to  have  just  this  property. 

Let  us  write  s"(0)  as  shorthand  for  the  nth  successor  of  0  (i.e.,  s°(0)  ~  0,  s'fO)  =  s(0), 
s2(0)  =  .s(s(0)),  s3(0)  =  s(s(s(0))),  etc).  Then  it  can  be  shown  [l]  that,  for  any  partial  recursive 
funct  ion  p  :  Nl;  —*  N  on  the  natural  numbers,  there  exists  a  formula  Ap(x\ , . . .,  x-k .  y )  involving 

only  0,  <f,  +,  and  •  such  that  p(n  i,...,  n*)  =  m  if  and  only  if  Ap(.sn,(0) . .?"*■  (0).  .s"'(0j)  is  a 

theorem  of  formulas  QI-Q7.  The  formula  Ap  is  said  to  represent  the  function  p.  Furthermore,  it 
can  be  shown  that,  if  T\,  ...  is  a  recursive  enumeration  of  Turing  machines,  then  there  exists 

a  partial  recursive  indicator  function  h  :  N  — *■  N  such  that  h[n)  —  0  if  and  only  if  Tn  eventually 
halts  when  started  on  a  blank  tape.  Let  T\,  Th, ...  be  a  recursive  enumeration  of  Turing  machines’ 
and  let  A(x)  be  the  formula  .4/,(:r,0),  where  h  is  the  partial  recursive  indicator  functiou  defined 
above  and  Ah{x,y)  is  a  formula  representing  h.  Having  defined  A(x)  to  be  the  formula  Ah(i,0), 
we  have  as  a  result  that  //(sn(0))  is  a  theorem  of  T  if  and  only  if  Tn  halts  on  a  blank  tape. 
Furthermore,  since  a  does  not  affect  the  interpretations  of  0,  s,  or  H,  H(s"(0))  is  a  postcondition 
of  F  if  and  only  if  iJ(sn(0))  is  a  theorem  of  T.  Let  be  an  axiomatization  of  the  postconditions 
of  T.  Then  i7(.sn(0))  is  a  theorem  of  T7  if  and  only  if  Tn  halts  on  a  blank  tape.  Since  4-  and  •  are 
zero  everywhere  after  operator  a  is  applied,  we  can  decompose  f7  into  an  equivalent  set  of  formulas 
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r',  U  Y2 .  where  Pj  is  the  set 

{Vi  y  (x  +  y  =  0)  A  Vx  y  (x  ■  y  =  0)} 

and  To  is  is  obtained  from  T'  by  substituting  0  for  all  terms  of  the  form  t\  + 1?  or  t\  •  1 2  in  every 
formula  of  T'.  Thus,  s  and  H  do  not  appear  in  T'j,  and  +  and  •  do  not  appear  in  T'o-  Furthermore, 
the  cardinality  of  To  is  less  than  or  equal  to  the  cardinality  of  T/.  Since  Tj  U  Fo  is  equivalent  to 
P',  it  follows  that  //(s”(0))  is  a  theorem  of  T'  if  and  only  if  H{sn{ 0))  is  a  theorem  of  T'j  UTo-  But 
s  and  II  do  not  appear  in  F'j .  Therefore,  the  formula  //(sn(0))  is  true  in  all  structures  satisfying 
Pj  U  ri  if  and  only  if  it  is  true  in  all  structures  satisfying  To.  Hence,  H{sn( 0))  is  a  theorem  of  T'  if 
and  only  if  H[s,l{ 0))  is  a  theorem  of  T'2.  Hence,  Tn  halts  on  a  blank  tape  if  and  only  if  H(sn{ 0))  is 
a  theorem  of  Pk.  But  +  and  •  do  not  appear  in  any  formula  of  Ti..  Therefore,  Pk  must  axiom atize 
H  by  using  only  0  and  the  successor  function  s.  This  seems  too  weak  a  language,  however,  for 
defining  the  set  of  Turing  machines  that  halt  on  blank  tapes  without  effectively  enumerating  all 
such  Turing  machines.  Thus,  we  make  the  following  conjecture: 

Conjecture.  V'2  is  infinite. 

If  this  conjecture  is  true.  P'  must  be  infinite  since  the  cardinality  of  P7  is  greater  than  or  equal  to 
the  cardinality  of  Pk.  Therefore,  all  axiomatizations  of  the  postconditions  of  T  must  be  infinite:  in 
particular  u  +  I(P)  must  be  infinite.  Although  if  appears  unlikely  that  the  conjecture  is  false,  it  has 
not  yet  been  formally  proved. 

Regression  Operators 

The  second  approach  to  restating  the  definition  of  Y{6}tp  is  essentially  the  opposite  of  the 
first:  instead  of  advancing  P  forward  through  the  plan  using  progression  operators,  we  will  move  p 
backwards  using  regression  operators  [9,  16].  This  involves  finding  for  each  operator  a  a  function 
a-1  mapping  formulas  into  formulas  such  that  <p  is  true  after  a  is  applied  if  and  only  if  a~l(<p) 
was  true  beforehand;  that  is,  for  every  structure  M,  M  satisfies  a~1{<p)  if  and  only  if  a(M)  satisfies 
<p.  If  such  functions  exist  then  the  definition  of  Y{0}<p  could  be  restated  as  follows: 
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(1)  F{c}*c  if  and  only  if  ip  is  a  theorem  of  T,  and 

(2)  r { ci i «2‘  •  '«n}p  if  and  only  if  a7*  0  •  ■  •  °  is  a  theorem  of  F. 

In  general,  a  regression  operator  maps  a  postcondition  into  the  weakest  sufficient  precondition  that 
must  exist  before  an  operator  is  applied  in  order  for  the  postcondition  is  true  afterward.  In  the 
case  of  the  «-I’s,  though,  we  are  insisting  that  the  weakest  sufficient  precondition  must  also  be  a 
necessary  precondition. 

Unlike  progression,  there  are  no  difficulties  in  computing  regressions.  To  see  why  this  is  so, 
consider  the  following  construction.  First,  let  us  augment  our  language  with  an  additional  set 
of  relation,  function,  and  constant  symbols,  i.e.,  one  new  symbol  for  each  existing  symbol.  We 
are  thereby  adding  a  new  relation  symbol  R'  for  each  existing  relation  symbol  R,  a  new  function 
symbol  F'  for  each  existing  function  symbol  F,  and  a  new  constant  symbol  C  for  each  existing 
constant  symbol  C.  The  new  symbols  we  will  call  primed,  the  old  ones  nonprimed.  The  primed 
symbols  will  be  used  to  describe  the  state  of  the  world  that  exists  after  operator  a  is  applied,  while 
the  nonprimed  symbols  will  describe  the  state  of  the  world  before  a  is  applied.  To  axiomati/e  the 
relationship  between  the  primed  and  nonprimed  symbols,  we  can  make  use  of  Formulas  (2.1)  and 
(2.2)  discussed  in  Section  2.1.  These  formulas  define  the  interpretation  of  each  symbol  after  an 
action  has  been  applied  in  terms  of  the  previous  state  of  the  world.  Thus,  we  have  the  following 
axioms  for  each  primed  symbol: 

Vav  •  -x„  [R'(zI,...,xn)  <-  a%(xlt.. .  ,x„)  V  (“■  baR{xit . . . ,  xn)  A  R{xt , . . . ,  z„))]  (2.3a) 

Va-,-  -  -xn  u<  [{F'{x  i,...,xn)  =  w)  *-*  naF{xi  V  (  ->3v{nr{xu...,  xn,  v))  (2.36) 

A  =  «')] 

Vu>  \{C'  =  w)+~*  Hc{w)  V  (-1  3v[Mc(t’)]  A  C  =  w)\  (2.3c) 

The  reason  this  construction  is  valid  is  that  operators  preserve  the  domains  of  the  structures  to 
which  they  are  applied:  if  M  is  a  structure,  then  the  domain  of  a(>t)  is  precisely  the  domain  of 
At.  Therefore,  we  can  construct  a  composite  structure  whose  domain  is  the  domain  shared  by  M 
and  a(At),  and  whose  relations,  functions,  and  distinguished  elements  are  the  combined  relations, 
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functions,  and  distinguished  elements  of  >1  and  a(M).  To  construct  a  language  for  this  composite 
structure,  we  need  only  add  a  new  set  of  symbols  to  the  existing  language — one  new  symbol  for 
each  existing  symbol,  just  as  was  done  above. 

Now  suppose  p  is  a  formula  that  contains  only  primed  symbols  and,  hence,  describes  some 
condition  that  might  hold  after  operator  a  has  been  applied.  Using  the  axioms  given  above,  we  can 
transform  p  into  an  equivalent  formula  ip  containing  only  nonprimed  symbols.  Since  ■ ip  is  equivalent 
to  p  and  contains  only  nonprimed  symbols,  it  expresses  the  necessary  and  sufficient  conditions  that 
must  exist  before  «  is  applied  so  that  p  will  be  true  afterward.  Thus,  ip  corresponds  to 

The  transformation  of  <p  into  an  equivalent  nonprimed  formula  can  be  done  in  two  steps.  The 
first  step  is  to  transform  p  into  an  equivalent  canonical  form  in  which  every  atomic  subformula 
of  the  canonical  <p  is  either  of  the  form  R'(x F'(x =  w  or  C  =  iv  for 
some  collection  of  variables  x\, . . . ,  z„,  w.  Once  in  canonical  form,  p  can  be  transformed  into  its 
nonprimed  equivalent  by  replacing  the  atomic  subformulas  of  p  with  their  equivalent  nonprimed 

formulas,  as  defined  in  the  axioms  (2.3).  In  otber  words,  we  replace  all  occurrences  of 
R'(x\ - ,-f„)  with  ccr(x\ . xn)  V  (->  Maq,  •  •  •  ,i«)A/f(ii,...,®n)) 

F'{x\ . xn)  =  «*  with  nr{xi,...,xn,u>)  V  ( ->  3v(/jt.r{xi, . . . ,  x„,v)) 

A  F(xlt...,x „)  =  w) 

C‘  =  w  with  /fc('H')  V  [C  =  w  A  Vu  ->  f-tc(v)) 

These  substitutions  arc  justified,  since  we  may  always  substitute  a  formula  for  one  that  is  equivalent. 
To  transform  p  ipto  its  canonical  Torm,  we  make  use  of  the  following  theorem  of  first-order  logic: 
if  X(r)  is  a  formula  containing  the  term  r,  and  if  x  is  neither  a  free  variable  of  X(r)  nor  a  bound 
variable  in  the  scope  of  r,  then  X{r)  is  logically  equivalent  to  3i(X(i)  A  r  =  x).  Therefore,  we  can 
replace  any  occurrence  of 

R'(. . . ,  t,  . . .)  with  3x  (R[. . . ,  x, . . .)  A  r  =  x) 

F'{. . . ,  r, . . .)  =  n 7  with  3x  (F(.  ,.,x,..,)  =  wAr  =  i) 

F'{. . .)  =  t  with  3x  (F(. , .)  =  i  A  r  =  r) 

Cj'  —  t  with  3x{C  =  x  A  r  =  x), 

where  et  is  an  arbitrary  term,  r  is  a  term  that  is  not  a  variable,  and  a:  is  a  variable  that  appears 
in  neither  R'(. . . ,  r,  . . .),  ..  ,r, ...)  =  vj,  F'(. . .)  nor  C  =  r.  To  put  p  in  canonical  form,  v;e 

merely  apply  these  substitutions  repeatedly  until  no  further  substitutions  are  possible. 
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As  an  example  of  how  a  primed  formula  is  transformed  into  its  nonprimed  equivalent,  suppose 
we  have  the  Put(.0,  C)  operator  discussed  in  Section  2.2  and  that  p  is  Vu  ->  On/(u,  A').  To  transform 
p  into  its  canonical  form,  we  merely  need  to  replace  On^ti,  A’)  with  3u  (On^u,  u)  A  A'  =  u).  This 
produces 

Vu  ->  SufOn^u,  v)  A  A'  =  u]. 

With  p  in  its  canonical  form,  all  that  remains  is  to  replace  the  atomic  subformulas  of  p  with  their 
nonprimed  equivalents.  Recall  from  the  definition  of  Put(f?,  C)  that  aon(x>  y)  is  (i  =  B  A  Jf  =  C) 
and  fold*-?/)  is  (x  =  B  A  y  7^  C).  Therefore,  all  occurrences  of  On'fz,;/)  arc  replaced  by 

(x  =  B  A  y  =  C)  V  [(x  B  V  y  =  C)A  On(z,y)]. 

Also,  since  Put(£?,  C)  does  not  affect  the  interpretation  of  A,  /n  is  the  formula  FALSE.  Hence,  all 
occurrences  of  A1  =  w  are  replaced  by  A  —  w.  These  substitutions  produce 

Vu  -■  3u[((u  =  B  A  v  =  C)  V  [(tt  ^fiVt'  =  C)A  On(u.  u)])  A  A  =  u], 

which  simplifies  to 

i^C'A  V«(u  =  B  V  -» On(u,  A)). 

Thus,  no  block  is  on  top  of  A  after  PutiR.C)  has  been  applied  if  and  only  if  A  and  C  are  distinct 
blocks  and  there  were  no  blocks  on  top  of  A  before  the  application  of  Put(B,C),  except  possibly 
block  B. 

The  above  method  for  transforming  primed  formulas  into  their  nonprimed  equivalents  leads 

to  the  following  recursive  definition  for  a-1.  In  the  ground  case,  we  obtain 

a_1[R(zi, .. .  ,x„)]  =  ,  z„)  V  (--  6an(xi,. . .  ,x„)  A  R{xi, .. .  ,z„))  (2.4ci) 

a~l\F{x  j...  .,x„)  =  w]  =  np(xu...,xn,w)  V  [  -■  3u  (yx£  (xi , . . . ,  xn,  u))  (2.46) 

A  F{x j,...,z„)  =  w] 

a~l(C  =  w)  =  Hc(w)  V  h  3u(/ic(n))  AC=m],  (2.4c) 

where  x\, ..  .,xn  and  w  are  variables.  These  equations  correspond  to  replacing  atomic  subformulas 
with  their  nonprimed  equivalents.  The  following  equations  transform  atomic  formulas  into  their 
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canonical  forms: 

a-1  [f?(. . . ,  r, . . .)]  =  3x  (a_1[i?(. Ah'  l(r  =  x))  (2.4  c/) 

a~‘[F(. ,  r,...)  =  w]  =  3  x(a~'\F(. . .  ,x, . ..)  =  w\  A  a~J(r  =  x))  (2.4e) 

a_  1  [F(. . .)  =  t]  =  3x  (a-1  [F(. . .)  =  x]  A  o_1(r  =  x))  (2.-1/) 

a~l(C  =  r)  =  3x(a-I[C  =  x]  A  a_1(r  =  a:)),  (2.-1  g) 


where  ~  is  an  arbitrary  term,  r  is  a  term  that  is  not  a  variable,  and  x  is  a  variable  that  does  not 
appear  in  /?(. . . ,  r, . . .),  F(. . .  ,r, . . .)  —  vs,  F(. . .)  —  r,  or  C  =  r.  Finally,  we  have  the  following 
equations,  which  allow  (2.4a-g)  to  be  applied  to  all  atomic  subformulas  in  a  formula: 


a  1(^<p)  =  ->a  l(<p)  (2.4/i) 

a"l(fJAt')  =  a"1(OA«’1(v)  ( 2 . 4 1 ) 

a_1(^  V  i>)  =  fl"‘(p)Vfl'V)  (2.4/) 

1(<P  -*■  i')  =  a~1{<p)  ->  a_1(V')  (2.4/r) 

a~l(<p  +->  'll))  =  a-1(<p)  a~l{4>)  (2.4/) 

u_1(Vx  <p)  =  Vx  a~l(<p)  (2.4m) 

a~1(3x  <p)  s  3x  a~1(<p)  (2.4/0 
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Plan  Synthesis 


This  chapter  presents  a  technique  for  solving  a  subclass  of  the  classical  planning  problems.  The 
first  section  establishes  the  fundamental  concepts  upon  which  the  technique  is  based.  A  particular 
property  of  the  classical  planning  problems  is  identified  and  an  example  given  illustrating  how  one 
might  exploit  this  property  when  synthesizing  a  plan.  Section  3.2  shows  how  a  simple  planuing 
technique  can  be  derived  from  the  property,  and,  in  Section  3.3,  a  detailed  example  is  provided  to 
demonstrate  the  technique. 

3.1  BASIC  CONCEPTS 

There  are  two  basic  assumptions  built  into  the  classical  planning  problems  that  can  be 
exploited  when  a  plan  is  synthesized.  The  first  is  that,  the  world  can  change  only  as  the  result  of  an 
action.  This  assumption  permits  actions  to  be  modeled  as  state  transformations.  Furthermore,  it 
forces  all  plans  to  have  the  following  property:  if  some  condition  is  true  at  one  point  in  a  plan  but 
not  at  an  earlier  point,  then  at  some  point  in  between  there  is  an  operator  that  causes  the  condition 
to  become  true.  This  is  an  important  consequence  from  the  point  of  view  of  plan  synthesis,  as  it 
allows  one  to  postulate  the  existence  of  operators  that  cause  certain  goals  to  become  true.  The 
second  assumption  is  that  we  are  capable  of  performing  only  a  finite  number  of  actions  in  a  finite 
amount  of  time.  Consequently,  any  plan  for  achieving  a  particular  goal  must  be  finite,  as  the  goal 
must  become  true  at  a  definite  point  in  time  for  it  to  be  achieved.  Taken  together,  these  two 
assumptions  imply  the  following: 
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Property  3.1.  If  a  condition  p  is  true  at  a  point  p  in  a  sequence  of  operators  but  not  at  an 
earlier  point,  then  at  some  point  in  between  there  exists  an  operator  that  causes  to  become 
true  and  p  remains  true  thereafter  until  at  least,  point  p. 

In  other  words,  if  some  condition  is  true  at  one  point  in  a  plan  but  not  at  an  earlier  point,  then  not 
only  must  there  be  an  operator  somewhere  in  between  that  causes  the  condition  to  become  true, 
but  there  must  be  a  final  such  operator  since  the  number  of  intervening  operators  is  finite.  This 
combined  property  turns  out  to  be  quite  useful  during  plan  synthesis,  as  we  will  now  demonstrate. 
A  more  formal  treatment  of  Property  3.1  appears  at  the  end  of  this  section. 

To  illustrate  how  Property  3.1  may  be  exploited  when  a  plan  is  being  synthesized,  let  us 
consider  a  typical  block-stacking  problem.  Suppose  we  have  the  blocks  world  described  in  Chapter 
2,  in  which  blocks  A  and  B  are  initially  on  the  TABLE  and  block  C  is  atop  block  A.  Suppose, 
further,  that  our  goal  is  to  have  A  on  top  of  B  and  B  on  top  of  C,  and  that  the  only  operators 
available  are  those  defined  by  the  Put  schema  of  Section  2.2.  The  diagram  below  depicts  the  initial 
state  and  the  goal,  “bristles”  on  top  of  a  block  signifies  that  the  block  is  known  to  be  clear  (i.e., 
no  other  block  is  on  top  of  it),  while  a  block  ‘'floating"  above  the  table  signifies  that  the  object 
supporting  the  block  is  not  known.  The  arc  from  the  initial  state  to  the  goal  signifies  that  the 
initial  state  precedes  the  goal  state,  in  time. 


Initial  Goa! 

State  State 

Neither  of  our  goals  is  satisfied  in  the  initial  state;  therefore,  by  Property  3.1  there  must  be 
a  final  point  in  our  plan  at  which  A  becomes  situated  on  top  of  B,  and  a  final  point  at  which 
B  becomes  situated  on  top  of  C .  The  only  operators  available  for  moving  A  onto  B  and  B  onto 
C  are  Put(.4,  B)  and  Put(fi,C),  respectively.  Hence,  there  must  exist,  a  point  at.  which  we  apply 
Put(.4,  B),  after  which  A  remains  on  top  of  B,  plus  another  point  at  which  we  apply  Put(S,  C), 
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after  which  B  remains  on  top  of  C.  This  is  depicted  in  the  diagram  below.  The  conditions  that 
must  remain  true  during  particular  intervals  are  identified  by  labeling  the  appropriate  arcs. 


(el 


On(A,B) 


A. 

ES 

C 


Goal 

State 


In  the  final  plan.  Put(/1,  B)  will  come  either  before  Put(B,C)  or  after  Put(S,C).  The  former 
case  can  be  ruled  out,  however,  since,  with  this  ordering,  the  requirement  that  A  remain  on  top 
of  B  after  Put(.4,  B)  has  been  executed  contradicts  one  of  the  preconditions  of  Put(f?,  C),  which 
is  that  no  block  be  on  top  of  B  when  Put(B,C)  is  applied.  Therefore,  we  must  perform  Put(„4,  B) 
after  performing  Put(B,C). 
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Examining  the  plan  in  its  current  state  of  development,  we  find  that  the  goals  are  now  satisfied 
but  that  one  of  the  preconditions  of  Put(yl,  B)  has  not  been.  In  particular,  C  is  on  top  of  A  in 
the  initial  state,  which  contradicts  the  requirement  that  no  block  be  on  top  of  A  when  Put(.4,  B) 
is  performed.  Therefore,  by  Property  3.1,  there  must  exist  an  operator  preceding  Put(yl,  B)  that 
causes  C  to  be  removed  from  A,  after  which  C  remains  off  A  at  least  until  Put(.A,  B)  is  performed. 
The  only  operators  available  for  removing  C  from  A  are  those  of  the  form  Put(C,  A').  Hence,  there 
must  exist  a  point  preceding  Put(yl,  B)  at  which  we  perform  Put(C,Af),  after  which  C  remains  off 
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.4  at  least  until  Put(A,  B )  is  performed.  For  the  moment,  let  us  defer  the  choice  of  a  particular 
value  for  X . 
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In  the  final  plan,  Put.(C\X)  will  come  either  before  Put(B,  C)  or  after  Put(B,  C).  The  latter 
case  can  be  ruled  out,  however,  since,  ■with  this  ordering,  the  requirement  that  B  remain  on  top 
of  C  after  Put(B,C')  has  been  executed  contradicts  one  of  the  preconditions  of  Put(C,X),  -which 
is  that  no  block  be  on  top  of  C  when  Put(C*,  X)  is  applied.  Therefore,  Put(C,A^)  must  be  applied 
before  Put(B,C'). 
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If  we  now  examine  the  plan,  we  find  that  every  goal  and  precondition  would  be  satisfied  if  we 
were  to  let  X  be  the  TABLE.  Therefore,  let  it  be  so.  This  gives  us  the  following  plan  for  stacking 
A  atop  B  and  B  atop  C:  put  C  on  the  TABLE,  then  put  B  on  top  of  C  and,  finally,  put  A  on  top 


of  B. 
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Initial  Put(C,  TABLE)  Put (B,C)  Put(A,fl)  Goal 

State  State 


As  the  foregoing  example  illustrates,  Property  3.1  contributes  to  the  planning  process  in  two 
ways.  First,  it  establishes  a  causal  connection  between  the  operators  in  a  plan  and  the  conditions 
we  wish  to  bring  about.  This  causal  linkage  permits  us  to  build  plans  incrementally,  introducing 
operators  as  needed  to  satisfy  our  goals  as  well  as  the  preconditions  of  operators  previously 
introduced.  The  choice  of  operators  is  governed  by  the  changes  that  must  be  made  in  the  world  to 
bring  about  the  desired  conditions;  operators  that  are  not  essential  to  constructing  a  valid  plan  are 
not  even  considered.  The  result  is  a  tremendous  reduction  in  search  compared  with  that  required 
by  an  exhaustive  search  strategy.  Furthermore,  Property  3.1  does  not  restrict  us  to  building 
plans  in  any  particular  order,  as  do  forward-chaining  and  backward-chaining  strategies.  Instead, 
operators  are  inserted  as  needed  and  where  needed  in  an  opportunistic  fashion  (c.f.,  Hayes-Roth 
ct  al.  (6]). 

The  second  way  in  which  Property  3.1  contributes  to  the  planning  process  is  by  constraining 
the  placement,  of  operators  in  a  plan.  When  we  insert  an  operator  at  some  point  p  in  a  plan  so 
that  a  particular  condition  will  be  true  at  some  later  point  q,  we  are  considering  the  last  point  p 
preceding  q  at  which  that  condition  becomes  true.  We  can  thus  protect  the  condition  from  point  p 
to  point  q;  that  is,  we  can  assert  that  the  condition  must  remain  true  in  the  interval  between  p  and 
q.  The  advantage  of  protection  is  that  it  enables  us  to  detect  impossible  orderings  of  operators:  if 
an  operator  has  the  precondition  <p ,  it  cannot  possibly  appear  at  a  point  in  the  plan  during  which 
->£>  must  remain  true.  Protection  therefore  contributes  to  the  minimization  of  search  by  allowing 
us  to  eliminate  impossible  orderings  from  consideration.  In  fact,  in  the  block-stacking  example, 
protection  w-as  so  effective  that  search  was  avoided  altogether. 
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Protection  Through  the  Ages 

Historically,  the  idea  of  protecting  goals  and  preconditions  was  first  introduced  by  Sussman 
[14]  and  later  refined  by  Waldinger  [16],  Warren  [17,  18],  and  others.  Sussman  developed  goal 
protection  as  a  method  for  detecting  faulty  plans.  As  he  explains,  using  a  programming  metaphor, 

...  a  program  is  operating  correct//,  in  that  it  accurately  reflects  the  intent  of  the  programmer, 
only  when  each  step  achieves  those  goals  that  the  programmer  intended  it  to,  and  each  of  those 
goals  remains  true  at  least  until  the  steps  which  depend  upon  its  being  true  are  run  (or  the 
end  of  the  program  block  if  this  step  is  a  contributor  to  the  purpose  of  the  program,). 

Therefore,  if,  in  the  course  of  plan  execution,  a  goal  is  violated  that  was  intended  to  remain  true, 
that  plan  is  then  faulty  and  must  be  “debugged.”  It  is  apparent  from  the  foregoing  quote  that 
Sussman  had  in  mind  something  very  much  like  Property  3.1  when  he  developed  his  protection 
mechanism.  However,  Sussman  viewed  protection  as  being  intimately  tied  to  the  intent  of  the 
programmer,  whereas  here  it  is  seen  as  arising  from  a  fundamental  principle  that  is  independent  of 
intent  (of  course,  in  its  use,  protection  does  tend  to  reflect  intent).  Furthermore,  Sussman  employed 
protection  only  as  a  means  of  detecting  faulty  plans,  not  as  a  guide  to  ordering  operators  as  done 
here.  Had  he  recognized  this  use  of  protection,  he  probably  would  not  have  had  to  treat  the  block¬ 
stacking  problem  presented  earlier  as  an  “anomalous  situation”  requiring  special  consideration. 

Unlike  Sussman,  Waldinger  did  employ  protection  as  a  guide  to  ordering  operators.  However, 
Waldinger  was  somewhat  overzealous  in  its  application.  If  a  goal  or  precondition  w'ere  true  in  the 
initial  state  and  not  made  false  by  any  of  the  operators  currently  in  the  plan,  Waldinger’s  scheme 
would  call  for  that  goal  or  precondition  to  be  protected  without  considering  the  possibility  that  the 
goal  or  precondition  might  have  to  be  violated  and  then  reestablished  in  order  to  solve  the  overall 
problem.  An  example  of  a  problem  in  which  this  possibility  would  have  to  be  considered  is  the 
Towers  of  Hanoi,  in  which  the  goal  of  having  the  smallest  ring  on  top  of  the  second  smallest  ring  is 
true  in  the  initial  state,  but  the  first  ring  must  be  removed  from  the  second  so  that  the  other  goals 
can  be  realized.  Waldinger  acknowledged  that  his  protection  mechanism  had  drawbacks,  but  he 
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did  not  recognize  their  source.  Instead,  he  proposed  a  scheme  that  circumvented  the  hidden  defect 
by  considering  goals  in  various  sequences  until  a  solution  was  obtained.  Although  the  scheme  does 
work,  it  is  terribly  inefficient.  Furthermore,  as  Warren  points  out  [18],  reodering  is  unnecessary  if 
we  simply  avoid  protecting  goals  that  are  already  satisfied. 

Like  Waldinger,  Warren  also  used  protection  as  a  guide  to  ordering  operators.  In  Warren’s 
approach,  though,  a  goal  is  protected  only  when  an  operator  is  inserted  that  makes  the  goal  true. 
Warren’s  scheme  therefore  operates  in  accordance  with  Property  3.1. 

Strengthening  Property  3.1 

It  turns  out  that  Property  3.1  is  too  weak  for  solving  arbitrary  planning  problems.  While  it 
works  fine  for  problems  in  which  the  effects  of  an  action  are  independent  of  the  state  in  which  the 
action  is  performed,  as  in  the  blocks  world,  it  neglects  an  important  case  that  must  be  considered 
when  the  effects  of  an  action  depend  on  the  state  of  the  world  at  the  time  the  action  is  performed. 
Taking  this  second  case  into  account,  we  obtain  the  theorem  stated  below.  This  theorem  says 
that  a  condition  is  true  after  a  sequence  of  operators  has  been  executed  if  and  only  if  (l)  there 
exists  an  operator  at  some  point-  in  the  sequence  that  causes  the  condition  to  become  true,  and 
the  condition  remains  true  thereafter,  or  (2)  the  condition  is  true  initially  and  never  becomes 
false.  Therefore,  during  plan  synthesis,  not  only  must  we  consider  incorporating  operators  to 
cause  a  goal  or  precondition  to  become  true  (Clause  1),  but  we  must  also  consider  the  possibility  of 
incorporating  operators  to  prevent  a  goal  or  precondition  from  becoming  false  if  it  is  true  initially 
(Clause  2).  Property  3.1  merely  provides  a  set  of  sufficient  conditions  for  Clause  (1)  to  hold.  The 
theorem  further  tells  us  that  a  planning  technique  is  fully  general  if  and  only  if  it  takes  these  two 
possibilities  into  account,  as  a  goal  or  precondition  cannot  be  satisfied  otherwise. 

Theorem  3.2.  Let  <p  be  a  formula,  T  be  a  set  of  formulas,  and  0  be  a  sequence  of  operators. 

Then  T{0}£>  holds  if  and  only  if  one  of  the  following  is  true: 

(1)  There  exists  a  prefix  era  of  0,  where  a  is  an  operator,  such  that  T{cr}<p  is  false  but  T {craq}^ 
is  true  for  all  sequences  y  such  that  cray  is  a  prefix  of  0. 
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(2)  Y{a}<p  for  all  prefixes  a  of  8. 

Proof.  First  we  will  show  that,  if  either  Clause  (1)  or  Clause  (2)  holds,  then  Y{0}<p  must  hold 
as  well.  If  aa  is  a  prefix  of  8,  there  exists  a  7  such  that  era 7  =  0.  Therefore,  Clause  (l)  implies 
Y{8}<p.  If  Clause  (2)  holds,  Y{8}ip  follows  immediately,  since  8  is  a  prefix  of  itself. 

To  complete  the  proof  we  need  to  show  that,  if  r{0}y?  holds,  then  either  Clause  (1)  or  Clause 
(2)  holds.  This  we  will  do  by  induction  on  the  length  of  8.  In  the  base  case,  0  is  the  empty  sequence 
f.  The  only  prefix  of  e  is  c  itself;  therefore,  if  Y{8}<p  holds  for  $  =  e,  then  Clause  (2)  must  hold. 
For  the  induction  step,  let  us  assume  that,  for  all  8  of  length  less  than  or  equal  to  n,  Y{8}<p  implies 

(1)  or  (2).  Let  8'  be  a  sequence  of  operators  of  length  n  +  1,  and  suppose  that  T{0'}p  holds.  Let 
a  be  an  operator  and  8"  be  a  sequence  of  length  n  such  that  8*  =  0" a.  Consider  Y{8"}<p.  Either 
T {8"}'f  is  true  or  it  is  false.  If  it  is  false,  Clause  (1)  must  hold  for  8  =  0'  (i.e.,  consider  the  case 
when  cr  =  8").  If  Y{6"}<p  is  true,  then,  by  the  induction  hypothesis,  either  Clause  (1)  or  Clause 

(2)  holds  for  6  =  0" .  If  (2)  holds  for  8  —  8"  then  (2)  must  also  hold  for  8  —  8' ,  since  we  have 

assumed  that  Y{0'}<p  holds.  Likewise,  if  (1)  holds  for  8  —  8",  (1)  must  also  hold  for  8  =  O',  since, 

if  F{(Tfi7}^  is  true  for  all  7  such  that  0-07  is  a  prefix  of  8",  then  Y{aa^}<p  must  be  true  for  all  7 

such  that  (Tfl7  is  a  prefix  of  8' .  Therefore,  if  Y{8"}ip  holds,  either  Clause  (1)  or  Clause  (2)  holds  for 

8  —  8'.  But,  as  shown  previously,  if  Y{6"}(p  does  not  hold,  then  Clause  (1)  must  hold  for  8  =  8'. 
Therefore,  either  Clause  (1)  or  Clause  (2)  holds  for  8  —  8* .  Since  the  choice  of  8'  was  arbitrary,  it 
follow's  that  T{0}<p  implies  (1)  or  (2)  for  all  8  of  length  n  +  1.  Hence,  by  induction,  Y{0}<p  implies 
(1)  or  (2)  for  all  8.  □ 

Property  3.1  follows  as  a  corollary  to  Theorem  3.2.  Property  3.1  can  be  stated  and  proved 
formally  as  follows. 

Corollary  ( Property  S.l).  Let  <p  be  a  formula,  T  a  set  of  formulas,  6  a  sequence  of  operators, 
and  t  a  prefix  of  8.  Then  the  following  holds:  if  r{0}p  is  true  but  Y{r}<p  is  false,  then  there 
exists  a  prefix  aa  of  8  such  that  r  is  a  prefix  of  a,  a  is  an  operator,  Y{a)<p  is  false,  and  Y{aa^}<p 
is  true  for  all  sequences  7  such  that  aa^  is  a  prefix  of  8. 
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Proof.  Suppose  that  T{0}<p  holds  but  that  r{r}yj  does  not.  Then  either  Clause  (1)  or  Clause  (2) 
of  Theorem  3.2  holds.  But  Clause  (2)  cannot  hold,  since  T {r}ip  is  false.  Therefore,  only  Clause  (1) 
bolds;  that  is,  there  exists  a  prefix  era  of  $,  where  a  is  an  operator,  such  that  T{a}(p  is  false  but 
T {aa~i}<p  is  true  for  all  sequences  7  such  that  aa^  is  a  prefix  of  0.  It  remains  only  to  show  that  r 
must  be  a  prefix  of  cr.  Suppose  that  r  is  not  a  prefix  of  a.  Since  r  and  era  are  both  prefixes  of  0, 
this  implies  that  <ra  must  be  a  prefix  of  r.  Therefore,  there  exists  a  sequence  7  such  that  r  =  <707. 
Therefore,  r{r}^>  must  be  true,  since  Y{oa-i}tp  is  true  for  all  sequences  7  such  that  0-07  is  a  prefix 
of  0.  But,  by  hypothesis,  T { r } is  false.  Contradiction!  Therefore,  r  must  be  a  prefix  of  a.  □ 


3.2  A  SIMPLE  PLANNING  TECHNIQUE 

Let  us  now  consider  a  technique  for  constructing  plans  that  is  based  on  Theorem  3.2.  With 
this  technique,  plans  are  synthesized  in  much  the  same  way  as  in  the  preceding  example:  we  begin 
with  the  empty  plan  (i.e.,  containing  no  operators)  and  add  operators  until  a  valid  plan  is  obtained. 
At  each  stage  in  the  process,  we  will  have  some  current  plan.  This  plan  is  analyzed  to  identify  those 
goals  and  preconditions  not  yet  satisfied  and  to  determine  what  additional  operators  are  needed 
to  bring  them  about.  The  appropriate  operators  are  then  inserted,  producing  a  new  current  plan 
and  initiating  a  new  cycle  of  analysis  and  modification.  This  process  of  repeatedly  analyzing  and 
modifying  the  current  plan  continues  until  all  goals  and  preconditions  have  been  satisfied.  In 
situations  where  there  are  multiple  ways  of  causing  a  particular  goal  or  precondition  to  become 
true,  the  analysis  produces  a  set  of  alternative  modifications  of  the  current  plan.  In  this  case, 
one  of  the  alternatives  must  be  selected  before  the  plan  is  modified.  However,  not  all  alternatives 
necessarily  lead  to  solutions,  since  some  ways  of  effecting  one  goal  or  precondition  may  make  it 
impossible  to  achieve  another.  It  may  thus  be  necessary  to  explore  a  number  of  alternatives  before 
a  valid  plan  is  found. 

The  technique  we  shall  consider  incorporates  a  number  of  simplifying  assumptions.  These 
assumptions  arc  not  essential  and,  in  my  thesis  [8],  I  show  how  they  can  be  lifted  to  obtain  a 
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completely  general  synthesis  technique.  The  first  assumption  is  that  the  initial  state  is  completely 
known.  This  makes  the  validity  conditions  for  a  plan  decidable  (in  general,  they  are  undecidable). 
The  second  assumption  is  that  function  symbols  and  constant  symbols  do  not  change  interpretation 
when  an  operator  is  applied  (i.e.,  p%  is  false  for  every  operator  a  and  every  function  symbol  or 
constant  symbol  S).  This  makes  it  easier  to  decompose  a  complex  goal  into  simpler  subgoals. 
The  last  assumption  is  that,  for  each  object  x  in  the  world,  there  is  a  constant  symbol  ex,  called 
the  standard  name  of  x,  that  denotes  x  in  the  initial  state.  Given  the  preceding  assumption,  the 
standard  name  of  x  will  also  denote  x  at  every  point  in  a  plan.  The  reason  for  this  last  assumption 
is  that  it  simplifies  the  handling  of  quantiGers. 

Representing  Plans,  Goals,  and  Protections 

To  begin,  we  must  establish  a  representation  for  plans,  goals,  and  protected  conditions.  As 
suggested  by  the  block-stacking  example  of  the  previous  section,  we  will  represent  a  plan  as  a 
directed  acyclic  graph,  called  a  plan  graph,  with  a  single  root  vertex  and  a  single  leaf  vertex.  The 
root  vertex  of  a  plan  graph  represents  the  initial  state,  while  the  leaf  vertex  represents  the  goal 
state.  The  intermediate  vertices  represent  operators.  The  edges  of  a  plan  graph  are  directed 
and  define  a  partial  ordering  of  the  vertices.  From  a  semantic  standpoint,  a  plan  graph  asserts 
that  certain  operators  must  appear  in  the  final  solution  in  a  certain  relative  order.  Although  the 
representation  permits  arbitrary  partial  orders  to  be  specified,  we  will  for  the  sake  of  simplicity 
consider  only  linear  (i.e.,  totally  ordered)  plan  graphs.  An  example  of  a  linear  plan  graph  appears 
below.  The  diagram  uses  boxes  and  circles  to  distinguish  between  the  root  and  leaf  vertices,  on 
the  one  hand,  and  the  intermediate  vertices  on  the  other. 


In  our  discussion  of  plan  graphs  we  will  adopt  the  following  conventions.  We  will  write  vp 
to  denote  the  root  vertex  of  a  plan  graph  and  vg  to  denote  the  leaf  vertex,  where  T  is  the  set  of 
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formulas  describing  the  initial  state  and  G  is  the  set  of  formulas  defining  our  goals.  If  nj  and  u2 
are  vertices,  we  will  write  ►  i>2  to  indicate  that  there  is  an  edge  from  Vi  to  v%.  The  plan  graph 
illustrated  above  can  then  be  written  as  vp  ►  ►  ■  •  •  ►  ►  vc •  We  will  say  that  a  vertex  oi 

precedes  a  vertex  02,  written  -<  1/2,  to  mean  that  there  is  a  path  from  i>i  to  V2,  and  we  will 
write  i'i  ■<  t'2  as  shorthand  for  t»i  -<  vo  or  =  no.  Finally,  we  will  say  that  a  formula  <p  is  true 
at  a  vertex  v  to  mean  either  (1)  that  <p  is  true  in  the  initial  state,  if  v  =  t/p,  or  (2)  that  <p  is  true 
after  execution  of  the  plan,  if  v  =  vc,  or  (3)  that  <p  is  true  when  the  operator  associated  with  v  is 
applied,  if  v  is  an  intermediate  vertex.  In  other  words,  if  our  plan  graph  is  up  ►  ui  ►  *  •  •  ►  w„  ►  vg 
and  a,  is  the  operator  associated  with  vertex  V{,  then  (1)  <p  is  true  at  Up  if  and  only  if  <p  is  a 
theorem  of  T,  (2)  <p  is  true  at  n,-  if  and  only  if  Ffaj-  •  holds,  and  (3)  <p  is  true  at  vg  if  and 

only  if  holds. 

Protected  conditions  will  be  represented  as  a  set  P  of  ordered  triples  of  the  form  {<p,  t'1,1'2), 
where  <£■  is  a  formula  and  i’j  and  t’2  are  vertices  such  that  vi  -<  V2-  P  will  be  referred  to  as  the 
protection  set.  In  semantic  terms,  each  triple  in  the  protection  set  is  an  assertion  that  a  particular 
formula  must  remain  true  over  some  interval  in  the  final  solution.  More  precisely,  if  {<p,vi,V2)  £  P, 
then  'f  must  be  true  at  every  vertex  v  in  the  final  plan  such  that  Vj  -<  v  ^  i»2-  In  particular, 
£  must  be  true  at  vertex  t'2-  It  will  be  necessary  during  plan  synthesis  to  consider  all  protected 
formulas  that  must  be  true  at  a  particular  vertex  v.  Therefore,  let  us  define  pv  to  be  tbis  set:  that 
is, 

pv  =  {'£  |  (<p,v i,i>2)  £  P  and  Uj  -<  v  ■<  v2}  (3.1) 

Goals  and  preconditions  will  be  represented  as  a  set  A  of  ordered  pairs  of  the  form  (f,v), 
where  £  is  a  formula  and  v  is  a  vertex.  We  will  refer  to  this  set  as  the  agenda.  From  a  semantic 
standpoint,  each  ordered  pair  on  the  agenda  is  an  assertion  that  a  particular  formula  must  be  true 
at  a  particular  vertex  in  the  final  plan.  In  other  words,  if  {ip,up)  £  A,  then  <p  must  be  true  in  the 
initial  state,  and,  if  (<p,v)  £  A,  where  v  7^  t>r,  then  one  of  our  goals  is  to  achieve  <p  at  vertex  n. 
The  set  of  all  conditions  we  wish  to  achieve  at  a  particular  vertex  v  is  given  by 


9v  =  {<P  I  (<P,v)  £  A} 


(3.2) 
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Together,  a  plan  graph,  a  protection  set,  and  an  agenda  define  a  set  of  constraints  that  a  plan 
must  satisfy  to  be  considered  a  solution.  To  synthesize  a  plan,  we  take  an  initial  set  of  constraints 
defined  by  an  initial  plan  graph,  protection  set,  and  agenda;  then,  through  an  appropriate  process, 
we  add  further  constraints  until  we  obtain  a  complete  specification  of  a  plan.  At  the  beginning 
of  the  process,  our  only  constraint  is  for  the  final  plan  to  achieve  every  formula  g  in  the  goal  set 
G,  given  that  the  initial  state  is  described  by  the  set  of  formulas  T.  Therefore,  the  initial  plan 
graph  is  the  graph  up  ►  vq,  the  initial  protection  set  is  empty,  and  the  initial  agenda  is  the  set 
{(<L1,g)  |  g  £  G’(,  The  problem  is  then  to  augment  each  of  the  three  components — the  plan  graph, 
the  protection  set,  and  the  agenda — until  the  sequence  of  operators  defined  by  the  plan  graph 
satisfies  all  of  the  assertions  listed  in  the  protection  set  and  the  agenda.  For  convenience,  let  us 
refer  to  the  combination  of  a  plan  gTaph,  a  protection  set,  and  an  agenda  as  a  partial  plan. 

The  Technique 

The  synt  hesis  technique  we  shall  consider  is  an  iterative  process  by  which  the  initial  partial 
plan  is  incrementally  modified  until  a  solution  is  obtained.  The  basic  loop  involves  finding  a  goal 
on  the  agenda  that  would  not  be  satisfied,  given  the  current  partial  plan,  and  then  modifying  the 
plan  so  that  the  goal  will  be  achieved.  This  process  continues  until  all  goals  on  the  agenda  have 
been  satisfied.  At  each  step,  the  current  partial  plan  is  modified  in  such  a  way  that,  if  all  of  the 
goals  on  the  agenda  are  satisfied,  then  all  of  the  assertions  in  the  protection  set  will  likewise  be 
satisfied.  This  guarantees  that,  once  all  of  the  goals  have  been  attained,  we  will  have  constructed 
a  valid  plan  consistent  with  the  protections. 

The  modifications  made  of  the  current  partial  plan  are  governed  by  a  set  of  rules.  For  every 
goal  that  may  be  expressed  in  the  logic,  there  is  a  corresponding  rule.  Each  rule  defines  a  set  of 
alternative  modifications  for  realizing  the  corresponding  goal  at  the  desired  point  in  the  final  plan. 
Each  set  of  alternatives  covers  all  possible  solutions,  so  that,  if  a  rule  is  applicable  and  if  a  solution 
can  be  obtained  from  the  current  partial  plan,  at  least  one  of  the  alternatives  defined  by  that  rule 
is  guaranteed  to  lead  to  a  solution.  Consequently,  the  rules  may  be  applied  in  any  order  without 
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backtracking  and  without  affecting  the  final  solution.  Of  course,  search  is  required  to  explore  the 
alternatives  expressed  by  a  rule.  As  search  is  fairly  well  understood,  this  report  will  focus  on  the 
modification  rules  and  leave  open  the  issue  of  an  appropriate  search  strategy. 

The  rules  for  modifying  plans  are  based  in  part  on  Theorem  3.2.  According  to  this  theorem, 
a  goal  is  satisfied  at  some  point  p  in  the  final  solution  if  and  only  if  (l)  there  is  an  operator  that 
causes  the  goal  to  become  true  and  the  goal  remains  true  thereafter  until  at  least  point  p,  or  (2)  the 
goal  is  true  initially  and  never  becomes  false  before  point  p.  This  suggests  two  ways  of  modifying  a 
partial  plan  in  order  to  achieve  a  goal:  one  is  to  insert  an  operator  that  causes  the  goal  to  become 
true,  the  other  is  to  prevent,  the  goal  from  becoming  false.  There  is,  however,  a  third  option:  since 
plans  are  built  incrementally,  the  operator  that  causes  a  goal  to  become  true  in  the  final  solution 
may  already  appear  in  the  current  partial  plan;  therefore,  another  way  of  achieving  a  goal  would 
be  to  establish  the  appropriate  enabling  conditions  to  allow  an  existing  operator  in  the  plan  to 
cause  the  goal  to  become  true.  These  three  alternatives  are  illustrated  by  the  following  example. 

Suppose  we  have  a  world  consisting  of  a  briefcase,  a  dictionary,  and  a  paycheck,  each  of  which 
may  be  sit  uated  in  one  of  two  locations:  the  home  or  the  office.  Operators  are  available  for  putting 
the  dictionary  and  the  paycheck  into  the  briefcase  and  for  taking  them  out,  as  well  as  for  carrying 
the  briefcase  between  the  two  locations.  Initially,  the  briefcase,  the  dictionary,  and  the  paycheck 
are  at  home,  and  the  paycheck  is  in  the  briefcase  but  the  dictionary  is  not.  The  goal  is  to  have 
the  briefcase  and  the  dictionary  at  the  office,  but  the  paycheck  at  home.  We  begin  the  synthesis 
process  with  the  empty  plan.  Let  us  first  consider  the  goal  of  having  the  briefcase  at  work.  Since 
this  goal  is  not  true  initially,  we  must,  have  an  operator  in  our  final  plan  that  causes  the  goal  to 
become  true.  As  the  current  plan  is  empty,  the  only  option  is  to  insert  the  operator  that  causes 
the  briefcase  to  be  brought  to  work.  Let  us  next  consider  the  goal  of  having  the  dictionary  at 
work.  This  goal  is  not  satisfied,  given  the  current  plan  of  bringing  the  briefcase  to  work.  However, 
if  we  were  to  put  the  dictionary  into  the  briefcase  before  leaving  home,  the  dictionary  would  be 
brought  to  the  office  as  a  side  effect.  In  this  case,  the  operator  that  causes  the  dictionary  to  be 
at  the  office  (i.e.,  bringing  the  briefcase  to  work)  already  appears  in  the  plan  and  an  additional 


36  PLAN  SYNTHESIS 


3.2 


operator  is  inserted  to  establish  the  appropriate  enabling  condition  (i.e.,  having  the  dictionary  in 
the  briefcase).  After  making  these  modifications,  we  are  left  with  only  one  more  goal  to  consider, 
which  is  to  have  the  paycheck  remain  at  home.  Unfortunately,  the  current  plan  of  putting  the 
dictionary  in  the  briefcase  and  then  bringing  the  briefcase  to  the  office  causes  the  paycheck  to 
be  brought  to  the  office  as  a  side  effect.  However,  if  we  were  to  remove  the  paycheck  from  the 
briefcase  before  leaving  home,  we  would  prevent  the  paycheck  from  changing  locations.  Our  goal 
would  then  be  achieved  by  virtue  of  the  fact  that  it  would  never  become  false.  If  we  choose  to 
remove  the  paycheck  from  the  briefcase  before  we  put  in  the  dictionary,  then  our  final  plan  will 
be  to  remove  the  paycheck  from  the  briefcase,  put  the  dictionary  in  the  briefcase,  and  bring  the 
briefcase  to  the  office. 

The  three  ways  of  modifying  a  partial  plan  illustrated  above  cover  all  possible  solution  paths. 
This  fact  is  expressed  by  the  theorem  that  appears  below.  This  theorem  may  be  paraphrased  as 
follows:  a  condition  <p  is  true  at  a  point  p  in  the  final  plan  if  and  only  if  one  of  the  following 
conditions  holds:  (!)  there  exists  an  operator  in  the  final  plan  that  already  appears  in  the  current 
plan  that  causes  <p  to  become  true,  and  p  remains  true  thereafter  until  at  least  point  p,  (2)  there 
exists  an  operator  in  the  final  plan  that  does  not  appear  in  the  current  plan  that  causes  <p  to 
become  true,  and  p  remains  true  thereafter  until  at  least  point  p,  or  (3)  ip  is  true  in  the  initial 
state,  and  remains  true  until  at  least,  point,  p. 

Theorem  3.3.  Let  He  a  sequence  of  operators  and  O'  an  expansion  of  0.  That  is,  for  an 

appropriate  set  of  operator  sequences  (#i, /?2, . ..},  if  0  =  aids- ■•<!«,  then  O'  =  •  • 

jSnan$n+ 1,  and,  if  0  —  e,  then  O'  —  /?].  Let  eq  —  and  cq  —  ■  -0;-i di-iPi  for  i  >  1. 

Then  T{0'}p  holds  iT  and  only  if  one  of  the  following  is  true: 

(1)  There  exists  a  <7,-  such  that.  r{<7,-}y?  is  false,  but  r{er,-a,-7}£>  is  true  for  all  sequences  7  such 
that  cr,u,-7  is  a  prefix  of  O'. 

(2)  There  exists  a  prefix  era  of  O'  such  that  <r  is  not  a  a;  and  r{cr}^  is  false,  but  T {<ra~j}p  is 
true  for  all  sequences  7  such  that  1707  is  a  prefix  of  O'. 
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(3)  r{cr}p  holds  for  all  prefixes  a  of  6'. 

Proof.  The  above  theorem  follows  directly  from  Theorem  3.2,  as  Clauses  (1)  and  (2)  together  are 
equivalent  to  Clause  (1)  of  Theorem  3.2  and  Clause  (3)  is  equivalent  to  Clause  (2)  of  Theorem  3.2. 

□ 

To  modify  a  partial  plan  to  achieve  some  goal,  we  merely  have  to  choose  one  of  the  three  cases 
described  Theorem  3.3  and  assert  that  it  holds  with  respect  to  the  current  partial  plan  and  the 
final  solution.  In  other  words,  if  (p,  v)  is  a  goal  on  the  agenda  and  if  p  is  not  true  at  vertex  v  in 
the  current  partial  plan,  then  we  can  (1)  assert  that  the  operator  associated  with  some  existing 
vertex  v'  -<  v  causes  p  to  become  true,  and  protect  p  from  v'  to  v,  (2)  insert  an  operator  that 
causes  p  to  become  true,  and  protect  p  up  to  vertex  v,  or  (3)  protect  p  from  the  initial  state  to 
vertex  v. 

To  make  these  assertions,  we  need  to  introduce  the  notion  of  a  secondary  precondition.  A 
secondary  precondition  for  an  operator  is  a  condition  that  must  be  true  at  the  time  the  operator 
is  applied  for  the  operator  to  have  the  desired  effect.  By  imposing  the  appropriate  secondary 
precondition  on  an  operator,  we  can  force  that  operator  to  preserve  some  condition  or  to  cause 
some  condition  to  become  true.  For  example,  in  the  briefcase  example  discussed  earlier,  the  act 
of  bringing  the  briefcase  to  work  causes  the  dictionary  to  be  brought  to  work  as  a  side  effect  only 
if  (be  dictionary  happens  to  be  in  the  briefcase  at  the  time.  Therefore,  we  can  achieve  the  goal 
of  having  the  dictionary  at  the  office  by  requiring  that  the  dictionary  be  in  the  briefcase  when 
the  briefcase  is  moved.  Similarly,  to  prevent  the  paycheck  from  changing  locations,  we  need  only 
require  that  the  paycheck  not  be  in  the  briefcase  at  the  time  the  briefcase  is  moved.  To  determine 
which  secondary  preconditions  are  appropriate  in  any  given  situation,  we  need  to  examine  more 
closely  the  circumstances  under  which  a  condition  is  preserved  or  is  made  true  by  an  operator. 

For  a  condition  tp  to  remain  true  between  two  points  in  a  plan,  all  of  the  intervening  operators 
must,  preserve  the  truth  of  p;  that  is,  if  tp  is  true  when  each  such  operator  is  applied,  then  p  must 
be  true  afterward.  In  Section  2.3  we  saw  that  p  is  true  after  an  operator  a  is  applied  if  and  only  if 
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a~1(p)  was  true  just  prior  to  the  application.  Therefore,  a  will  preserve  the  truth  of  <p  if  and  only 
if  p  — > •  fl_1(^r)  is  true  when  a  is  applied.  Given  that,  in  the  final  plan,  p  will  be  true  when  a  is 
applied,  any  formula  IP£,  such  that  p  — ►  (P°  «->■  a_1(<p))  is  an  appropriate  secondary  precondition 
to  impose  on  a  to  ensure  that  a  will  preserve  p  in  the  final  plan.  This  is  justified  by  the  following 
lemma: 

Lemma  3.4.  Let  be  a  formula  such  that  p  —*  (P£,  «-*■  a~l(p)).  Then  the  following  holds: 
if  p  is  true  before  a  is  applied,  <p  will  be  true  after  a  is  applied  if  and  only  if  P“  is  true 
beforehand. 

Proof.  By  hypothesis,  if  p  is  true  before  a  is  applied,  then  P£,  is  true  before  a  is  applied  if  and 
only  if  is  true  before  a  is  applied.  But  p  will  be  true  after  a  is  applied  if  and  only  if  a~l{p) 

is  true  beforehand.  Therefore,  if  p  is  true  before  n  is  applied,  then  p  will  be  true  after  a  is  applied 
if  and  only  if  P^  is  true  beforehand.  □ 

Let  us  now  consider  the  conditions  that  must  hold  for  an  operator  to  cause  a  formula  to  become 
true.  Given  that  the  initial  state  is  known  completely,1  an  operator  a  causes  a  closed  formula  p  to 
become  true  if  and  only  if  p  is  false  before  n  is  applied  and  true  afterward.  In  Section  2.3  it  was 
shown  that  p  will  be  true  after  a  is  applied  if  and  only  if  a~l(p)  is  true  beforehand.  Therefore,  a 
causes  p  to  become  true  if  and  only  if  ~'p  Aa_1(p)  is  true  when  a  is  applied.  Although  we  would 
guarantee  p  to  be- true  after  a  is  applied  and  false  beforehand  if  we  were  to  impose  -'pAn"I(p) 
as  a  secondary  precondit  ion  for  a,  it  is  sufficient  to  impose  a  weaker  precondition  E“  ,  where  E" 
is  any  formula  such  that  ->p  A  n_1(Y)  — ►  E®  and  — *  a~1(p).  has  the  property  that,  if  p 
is  false  wheu  a  is  applied,  then  a  will  cause  p  to  become  true  if  and  only  if  ££,  is  true  when  a  is 
applied;  if  both  p  and  are  true  when  a  is  applied,  then  a  will  preserve  the  truth  of  p.  Imposing 
E£,  as  a  secondary  precondition  therefore  guarantees  that  p  will  become  true  if  it  is  false.  E®  is 
weaker  than  p  A  a-I(^),  as  it  allows  the  possibility  that  p  will  be  true  when  a  is  applied.  The 

1  It  Ihc  initial  stale  were  not  completely  known,  it  would  be  possible  for  ip  to  be  false  before  a  is  applied  for  some 
of  the  worlds  satisfying  the  initial  state  description  and  true  for  others.  Therefore,  the  modifications  described 
here  apply  only  when  the  initial  stale  is  known  completely.  When  the  initial  state  is  only  partially  known,  a~1(<p) 
must  be  asserted  as  the  secondary  precondition. 
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reason  we  would  want  to  impose  E£,  instead  of  ->  p  Aa-1(p)  is  that  we  can  often  find  a  formula  E“ 
that,  is  much  simpler  than  a_1(£>)  and,  consequently,  is  easier  to  deal  with.  The  justification 

for  using  E£,  instead  of  -ipA  a_I(v?)  is  provided  by  the  following  theorem,  which  is  analogous  to 
Theorem  3.2  except  that,  it  is  stated  in  terms  of  E£,  and  P£>. 

Theorem  3.5.  Let  p  be  a  formula  not  containing  free  variables,  let  T  be  a  complete 
description  of  the  initial  state  of  the  world,  and  let  0  be  a  sequence  of  operators.  Then 
holds  if  and  only  if  one  of  the  following  holds: 

(1)  There  exists  a  prefix  era  of  0,  where  a  is  an  operator,  such  that  r{ir}E^  holds  and 
r{frn7}lP^  holds  for  all  sequences  7  and  all  operators  b  such  that  cra^b  is  a  prefix  of 
0. 

(2)  p  is  a  theorem  of  T  and  r{o-}P^  holds  for  every  prefix  <ra  of  0. 

Proof.  If  Clause  (1)  holds,  then  Y{(ra}p  holds  for  an  appropriate  prefix  a  a  of  0.  Furthermore, 
by  induction  and  by  using  Lemma  3.4,  r{rra76}y>  must  hold  for  all  sequences  7  and  all  operators 
b  such  that  c ra~,b  is  a  prefix  of  0.  Therefore,  (1)  implies  T {0}p.  If  Clause  (2)  holds,  then,  by- 
induction,  r { cr } ^  holds  for  every  prefix  a  of  0.  Therefore,  (2)  implies  Y{0}p.  Hence,  if  either 
Clause  (1)  or  Clause  (2)  holds,  or  if  both  hold,  then  r{0}p  must  hold  as  well. 

For  the  converse,  suppose  that  Y{0}p  holds.  Then,  by  Theorem  3.2,  one  of  the  followiug 
holds: 

( i /  There  exists  a  prefix  aa  of  0,  where  a  is  an  operator,  such  that  T{(7}£>  is  false  but  Y {on-  )p 
is  true  for  all  sequences  7  such  that  aa~i'  is  a  prefix  of  0. 

(ii)  r{cr}p  for  every  prefix  o  of  0. 

Suppose  that  (i)  holds  for  a  suitable  prefix  era  of  0.  Then  r{(r}p  is  false  and  r{<ra}(£>  is  true.  But 
Y{cra}p  is  true  if  and  only  if  r{o-}a-1(^>)  is  true.  Furthermore,  since  T  is  a  complete  description  of 
the  initial  state  of  the  world  and  since  p  does  not  contain  free  variables,  T { cr } 9?  is  false  if  and  only 
if  r{<r}  ->  p  is  true.  Therefore,  r{(r}(-'  p  A  a-1(^?))  holds.  Hence,  r{cr}E“  holds.  Furthermore,  (i) 
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implies  that  both  T {aar}<p  and  T {erarb}<p  hold  for  all  sequences  r  and  all  operators  6  such  that 
crarb  is  a  prefix  of  0.  Therefore,  Y{craT}(<p  A  a~  holds  for  all  r  and  6  such  that  erarb  is  a  prefix 
of  6.  Hence,  T {<rnr}IPp  holds  for  all  r  and  b  such  that  aarb  is  a  prefix  of  8.  Hence,  Clause  (1)  of 
the  theorem  holds. 

Suppose  that  (ii)  holds.  Then  <p  is  a  theorem  of  T,  since  r {}<p  holds.  Furthermore,  both 
r{CT}yr  and  r{tra}^>  hold  for  all  er  and  a  such  that  oa  is  a  prefix  of  8.  Therefore,  T{(7}IP^  holds 
for  all  a  and  a  such  that  era  is  a  prefix  of  8.  Hence,  Clause  (2)  of  the  theorem  holds. 

These  two  cases  give  us  the  following:  if  r {0}p  holds,  then  either  Clause  (1)  holds  or  Clause 
(2)  holds  or  both.  But,  from  before,  if  (I)  or  (2)  hold,  Y{0}ip  must  hold  as  well.  Therefore,  Y{8}<p 
holds  if  and  only  if  either  (1)  holds  or  (2)  holds  or  both.  □ 

As  with  Theorem  3.2,  Clause  (1)  of  Theorem  3.5  can  be  divided  into  two  subcases:  one  in 
which  the  operator  that  makes  <p  true  if  it.  is  false  must  be  added  to  the  current  partial  plan;  the 
other  in  which  the  operator  that  makes  <p  true  if  it  is  false  already  appears  in  the  plan.  Thus,  we 
have  the  following  corollary  to  Theorem  3.5: 

Corollary  3.6.  Let  6  be  a  sequence  of  operators  and  O'  an  expansion  of  0.  That  is, 
for  an  appropriate  set  of  operator  sequences  {/?i ,  02,  •  •  •}>  if  0  =  aiflo--flnt  then  O'  — 
8\  a i  /ioo2-  -  •0na„0n+ it  an(J'  if  0  =  e,  then  O'  =  f}\.  Let  (J\  =  0\  and  <7,-  =  0xa\  •  •  •/?,-_ i a 
for  /  >  1.  Let  T  be  a  complete  description  of  the  initial  state  and  let  <p  be  a  formula  containing 
no  free  variables.  Then  r{tf/)vr  holds  if  and  only  if  one  of  the  following  is  true 

(1)  There  exists  a  <7{  such  that  r{cj, •}!!£,’  holds  and  holds  for  all  sequences  7  and 

all  operators  b  such  that  aia^b  is  a  prefix  of  O'. 

(2)  There  exists  a  prefix  era  of  0  such  that  a  is  not  a  <7,-,  r{<7}E£,  holds,  and  r{<7n7}IPp  holds 
for  all  sequences  7  and  all  operators  b  such  that  17076  is  a  prefix  of  0. 


(3)  is  a  theorem  of  T  and  T{i7}P^  holds  for  every  prefix  era  of  8. 
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F}roof.  The  above  theorem  follows  directly  from  Theorem  3.5,  as  Clauses  (1)  and  (2)  together  are 
equivalent  to  Clause  (1)  of  Theorem  3.5,  and  Clause  (3)  is  equivalent  to  Clause  (2)  of  Theorem  3.5. 


Let  us  now  consider  the  precise  modifications  that  must  be  made  in  the  plan  graph,  the  agenda, 
and  the  protection  set  to  protect  p  from  the  initial  state,  to  force  an  existing  operator  to  make  p 
true  if  it  is  false,  and  to  insert  a  new  operator  that  makes  p  true  if  it  is  false. 

According  to  Clause  (3)  of  Corollary  3.6,  if  p  is  to  remain  true  from  the  initial  state  to  vertex 
!•'  in  the  final  plan,  then  p  must  be  true  in  the  initial  state,  and  P£,  must  be  true  when  operator 
a  is  applied  for  every  operator  a  prior  to  vertex  v.  Therefore,  the  following  modifications  must  be 
made  to  protect  p  from  the  initial  state  to  vertex  v: 

(1)  (p,  nr)  must  be  added  to  the  agenda  to  require  that  p  be  true  in  the  initial  state. 

(2)  {P"»-' , v1}  must  be  added  to  the  protection  set  for  each  vertex  v'  such  that-  up  -<  r'  -<  v 

to  guarantee  that-  every  operator  preceding  vertex  v  will  preserve  the  truth  of  p. 

(3)  (p,  i’r,  v)  must  be  added  to  the  protection  set  to  assert  that  p  is  protected  from  the  init  ial 
state  to  vertex  v. 

If  any  of  the  foregoing  additions  contradict  existing  goals  and  preconditions,  no  amount  of 
further  modification  will  lead  to  a  solution.  This  is  because  it  is  impossible  to  simultaneously 
achieve  contradictory  goals  and  protections.  Therefore,  we  can  rule  out  the  option  of  protecting 
p  from  the  initial  state  to  vertex  v  if  p  is  not  true  in  the  initial  state  or  if  requiring  that  (lie 
intervening  operators  preserve  the  truth  of  <p  contradicts  existing  goals  and  protections.  Stated 
more  precisely,  p  cannot  be  protected  from  the  initial  state  to  vertex  v  if 

(1)  {p}  U  T  is  inconsistent,  or 

(2)  {p,  P^' }  U  gV'  U  Pv>  is  inconsistent  for  any  vertex  v'  such  that  vr  -<  v'  -<  u, 

where  /v  is  the  current  set  of  protected  conditions  that  must  be  true  at  t/,  as  defined  in  Equation 

3.1,  and  gv>  is  the  set  of  goals  currently  on  the  agenda  that  must  be  achieved  at  vertex  v1,  as 
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defined  in  Equation  3.2.  Note  that  there  is  no  danger  in  not  detecting  these  inconsistencies  if  they 
are  present,  as  it  is  impossible  to  obtain  a  plan  that  satisfies  inconsistent  goals  and  protections. 
The  only  reason  for  the  test  is  to  reduce  the  search  space  by  eliminating  impossible  solution  paths 
from  consideration.  This  is  fortunate,  as  the  test  itself  is  only  partially  decidable;  that  is,  while 
it  is  always  possible  to  detect  inconsistencies  if  they  are  present,  it  is  not  generally  possible  to 
confirm  their  absence  if  they  are  not  present.  Consequently,  detecting  an  inconsistency  requires 
an  unbounded  amount  of  computation.  Since  the  only  reason  for  the  test  is  to  prune  the  search 
space,  spending  too  much  time  on  it  can  be  worse  than  not  performing  the  test  at  all.  The 
compromise  is  to  balance  amount  of  computation  spent  eliminating  alternatives  against  the  amount 
of  computation  saved  in  searching  a  smaller  space,  in  effect  limiting  the  range  of  inconsistencies 
that  can  be  detected.  The  optimum  balance,  though,  is  highly  dependent  on  the  problem  being 
considered,  so  it  is  hard  to  make  any  general  statements  about  where  the  optimum  lies. 

Let  us  next  consider  how  to  force  an  existing  operator  in  the  plan  to  cause  tp  to  become  trnc  if 
it  is  false,  and  how  t  hen  to  protect  <p  up  to  vertex  v.  If  the  existing  operator  a„<  is  associated  with 
vertex  v',  then,  by  Clause  (1)  of  Corollary  3.6,  must  be  true  when  av>  is  applied,  and  must 
be  true  when  operator  a  is  applied  for  every  operator  between  v'  and  v.  Therefore,  the  following 
modifications  have  to  be  made  to  force  the  operator  associated  with  vertex  v'  to  guarantee  that  p 
will  be  true  and  to  protect  p  up  to  vertex  v: 

(1)  (£|L'',  v')  must  be  added  to  the  agenda  guarantee,  that  <p  will  be  true  after  applying  fl„». 

(2)  must  be  added  to  the  agenda  for  each  vertex  v"  such  that  v'  -<  v"  <  v  to 
guarantee  that  every  operator  between  v1  and  v  will  preserve  the  truth  of  <p. 

(3)  {<p,  v',1’)  must  be  added  to  the  protection  set  to  assert,  that  <p  is  protected  between  vertices 
v'  and  v. 

If  these  new  goals  and  protections  contradict  their  existing  counterparts,  it  will  be  impossible 
to  obtain  a  solution  if  the  modifications  are  made.  Therefore,  we  can  rule  out  the  possibility  of 
forcing  av<  to  make  <p  true  if  it  is  false,  and  then  protecting  <p  up  to  vertex  v,  if 
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(1)  f  ->  tp,  E^-' }  U  gv'  U  pv'  is  inconsistent,  or 

(2)  {V,  IP”""  }  U  Pv"  U  Qv"  is  inconsistent  for  any  v"  such  that  v'  -<  v"  •<  v. 

As  before,  these  conditions  are  only  partially  decidable,  so  we  must  balance  the  amount  of  com¬ 
putation  spent  pruning  the  search  space  against  the  amount  saved  in  searching  a  smaller  space. 

The  t  hird  and  final  way  of  modifying  a  partial  plan  to  achieve  a  goal  is  to  insert  a  new  operator 
that  causes  the  goal  to  become  true  if  it  is  false  and  then  to  protect,  the  goal  up  to  the  point  we 
wish  it  to  be  true.  Since  we  are  considering  only  linear  plan  graphs,  the  insertion  must,  preserve 

linearity.  Therefore,  the  new  operator  must  be  inserted  between  two  consecutive  vertices  t’j  and 

i’o  in  the  current  plan  graph  (i.e.,  there  must  be  an  edge  from  it  to  v2  in  the  current  plan  graph). 

This  is  done  by  creating  a  new  vertex  o',  removing  the  edge  from  t/j  to  v2,  and  adding  two  new 

edges,  one  from  to  v'  and  the  other  from  v'  to  v2.  The  new  operator  avi  is  then  associated 
with  i,/.  The  modifications  of  the  agenda  and  the  protection  set  are  then  very  much  like  those  for 
forcing  an  existing  operator  to  make  <p  true  if  it  is  false.  As  with  forcing,  we  must  guarantee  that 
«,,/  will  cause  <p  to  become  true  iT  it  is  false  and  that  all  of  the  operators  between  vertices  v'  and  v 
will  preserve  <p,  and  we  must  assert  that  <p  is  protected  between  t/  and  u.  However,  we  must  also 
guarantee  that  the  preconditions  of  the  new  operator  tv  will  be  true  when  the  operator  is  applied, 
and  we  must  guarantee  that  av>  will  preserve  all  of  the  conditions  protected  between  vertices  v j 
and  no.  The  former  is  accomplished  by  adding  the  preconditions  of  avi  to  the  agenda.  For  the 
latter,  t  he  set  of  conditions  protected  between  it  and  v2  is  given  by 

{ip  |  (t'i,  r>3,  V4)  6  P  and  i’3  <  t.’i  and  v2  ■<  04} 

=  {ip  |  (ip,  v3,vi)  €  P  and  t>3  v2  <  1/4} 

=  pv2 

Therefore,  avi  must  preserve  every  formula  in  pV2.  Thus,  the  complete  set  of  modifications  of  the 
agenda  and  the  protection  set  are  as  follows:  if  operator  avi  is  being  inserted  at  a  new  vertex  v ' 
between  vertices  it  and  v2  so  that  <p  will  be  true  at  vertex  v,  then 

(1)  (ni,v')  must  be  added  to  the  agenda  for  every  nr  in  the  set  na'1'  of  preconditions  of  <v  to 
guarantee  that  the  preconditions  will  be  satisfied  when  avi  is  applied. 
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(2)  {££»■',  v')  must  be  added  to  the  agenda  guarantee  that  <p  will  be  true  after  avi  is  applied. 

(3)  {1P"V' .  v')  must  be  added  to  the  agenda  for  every  formula  ip  £  pV2  to  ensure  that  avi  will 
preserve  all  conditions  protected  between  vertices  Uj  and  v2. 

(4)  (!PfL" ,  v")  must  be  added  to  the  agenda  for  each  vertex  v"  such  that  v2  v"  -<  t’  to 
guarantee  that  every  operator  between  the  new  vertex  vf  and  vertex  v  will  preserve  the 
truth  of  <f. 

(5)  (<p,  v' ,  v)  must  be  added  to  the  protection  set  to  assert  that  <p  is  protected  between  vertices 
v1  and  v. 

If  these  new  goals  and  protections  contradict  their  existing  counterparts,  it  will  be  impossible 
to  obtain  a  solution  if  the  modifications  are  made.  Therefore,  we  can  rule  out  the  possibility  of 
inserting  a;,'  between  vertices  iq  and  v2  if 

(!)  |  t’  £  U  {->  <p,  }  U  na'--'  U  pV2  is  inconsistent,  or 

(2)  {^.IP^,'  "}  U  pu"  U  gv"  is  inconsistent  for  any  v"  such  that  v2  ^  v"  -<  v. 

As  before,  these  conditions  are  only  partially  decidable,  so  we  must  balance  the  amount  of  com¬ 
putation  spent  pruning  the  search  space  against  the  amount  saved  in  searching  a  smaller  space. 

The  Rules 

While  the  three  ways  of  modifying  a  partial  plan,  as  described  above,  are  valid  for  any 
formula  -f.  wc  will  perform  these  modifications  only  for  formulas  of  the  forms  R(t\, . . .  ,tn)  and 
tn),  where  R  is  a  relation  symbol  and  the  <,-’s  are  ground  terms  (i.e.,  terms  without 
variable  symbols).  Goals  containing  connectives  and/or  quantifiers  will  be  decomposed  into  simpler 
formulas  and,  ultimately,  into  one  of  the  two  forms  above.  The  reason  for  doing  this  is  that  it 
leads  to  a  more  efficient  planning  technique,  primarily  because  it  is  easier  to  identify  operators 
that  cause  atomic  formulas  to  become  true  or  false  than  it  is  to  identify  the  appropriate  operators 
for  arbitrary  formulas. 
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To  construct  modification  rules  for  atomic  formulas  and  their  negations,  we  can  take  advantage 
of  our  earlier  assumption  that  we  will  be  dealing  onlj'  with  problems  in  which  constant  and  function 
symbols  cannot  change  interpretation.  This  assumption  gives  rise  to  the  following  secondary 
preconditions  for  atomic  formulas  and  their  negations: 

=  -'t’hiMf  -  An) 

. t„)  =  . *") 

. t„)  = 

R(J, . t„)  =  ■  An) 

Iii  other  words,  a  preserves  the  truth  of  R{t\, . . . ,  <„)  if  and  only  if  a  does  not  delete 

from  the  interpretation  of  R ,  a  preserves  the  truth  of  ->  R(ti . tn )  if  and  only  if  n  does  not  add 

(l i . t„)  to  the  interpretation  of  R,  a  causes  R(tj, .. .  ,tn)  to  become  true  if  it  is  false  if  and  only 

if  a  adds  {/ j , . . . ,  tn)  to  the  interpretation  of  R,  and  a  causes  -■  R(t  j , . . .  ,tn)  to  become  true  if  it  is 
false  if  and  only  if  a  deletes  from  the  interpretation  of  R. 

In  stating  the  modification  rules  for  ,  tn)  and  -< R(ti,  . . . ,  tn),  we  will  treat  the  case 

in  which  R  is  the  symbol  “='  separately  from  the  general  case.  Since  we  have  assumed  that,  no 
operator  can  change  the  interpretation  of  any  constant  symbol  or  function  symbol,  and  since  by 
definition  no  operator  can  change  the  interpretation  of  1=’,  aL(fi,f2)  and  5!L(ii,  f2)  are  both 
FALSE.  Therefore,  it  is  impossible  to  make  a  goal  of  the  form  1 1  —  £2  or  ti  7^  <2  true  if  it  is  not 
already  true.  This  gives  us  the  following  rule: 

Rule  1.  If  (/•!  =  t2,r)  or  (t-i  7^  t2,v)  is  an  unsatisfied  goal  on  the  agenda,  no  further 
modification  of  the  current  partial  plan  will  lead  to  a  solution.  Therefore,  a  different  solution 
path  must  be  considered. 

This  rule  tells  us  to  abandon  the  current  branch  in  the  search  space  if  a  goal  of  the  form 
<1  =  t2  or  I  j  7^  f2  is  found  to  be  unsatisfied.  If  all  branches  are  found  to  lead  to  dead  ends,  a 
solution  does  not  exist. 

When  R  is  not  the  symbol  l=',  the  following  two  rules  apply.  Each  of  the  modifications 
described  in  these  rules  is  carried  out  as  discussed  previously. 
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Rule  2.  If  . . .  ,tn),v)  is  an  unsatisfied  goal  on  the  agenda  and  R  is  not  the  symbol  ‘=’, 

remove  (Z?(<i  v)  from  the  agenda  and  effect  one  of  the  following  modifications: 

(1)  Protect  R(ti,  . ..  ,tn)  from  the  initial  state  to  vertex  v,  if  R(t  lr . . . ,  tn  )  is  true  in  the  initial 
state  and  protecting  R(ti , . . .  ,tn)  does  not  contradict  existing  goals  and  protections. 

(2)  For  some  vertex  v'  such  that  vr  <  v'  ■<  v,  force  the  operator  associated  with  vertex  v'  to 
cause  R{t\ to  hecome  true  if  it  is  false,  and  then  protect  R(t  j , . . . ,  t„)  up  to  vertex 
v,  provided  neither  modification  introduces  an  inconsistency. 

(3)  Insert  a  new  operator  that  causes  R(ti} . . . ,  tn)  to  become  true  if  it  is  false,  at  a  point 
preceding  vertex  v  that  does  not.  contradict  existing  goals  and  protections,  and  then  protect 
R(t  i . . . . ,  t.n )  up  to  vertex  v. 

Rule  3.  If  .  ,tn),  v)  is  an  unsatisfied  goal  on  the  agenda  and  R  is  not  the  symbol 

remove  {->  i?(ti  v)  from  the  agenda  and  effect  one  of  the  following  modifications: 

(1)  Protect  ->  R(t\ , . . . ,  f„)  from  the  initial  state  to  vertex  v,  if  -1  R(t\, . . . ,  tn)  is  true  in 

the  initial  state  and  protecting  ->  , . . . ,  tn)  does  not  contradict  existing  goals  and 

protections. 

(2)  For  some  vertex  v'  such  that  t'p  ■<  v'  <  v,  force  the  operator  associated  with  vertex  v'  to 
cause  -i  R{t  i , . . . ,  t„)  to  become  true  if  it  is  false,  and  then  protect  ->  R(ty , . . . ,  tn)  up  to 
vertex  v,  provided  neither  modification  introduces  an  inconsistency. 

(3)  Insert  a  new  operator  that  causes  ->  . . . ,  tn)  to  become  true  if  it  is  false,  at  a  point 

preceding  vertex  v  that  does  not  contradict  existing  goals  and  protections,  and  then  protect 
->  R(ti , . ..  ,tn)  up  to  vertex  v. 

Note  that  it  is  possible  for  a  situation  to  arise  in  which  none  of  the  modifications  described 
in  Rule  2  is  consistent  with  the  existing  goals  and  protections.  When  this  happens,  no  further 
modification  of  the  partial  plan  will  lead  to  a  solution,  since,  in  virtue  of  Corollary  3.6,  i?(i i , . . . ,  tn) 
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can  be  achieved  if  and  only  if  one  oT  the  modifications  described  in  Rule  2  is  consistent  with  existing 
goals  and  preconditions.  Therefore,  when  such  an  inconsistency  is  detected,  we  must  abandon  the 
current  partial  plan  and  try  an  alternative  solution  path.  This  also  applies  to  Rule  3. 

Note  also  that  Rules  2  and  3  call  for  the  unsatisfied  goal  to  be  removed  from  the  agenda.  This 
is  permitted,  as  the  goal  will  be  satisfied  in  the  final  plan  if  the  new  assertions  are  satisfied.  The 
rules  that  follow  also  call  for  the  removal  of  unsatisfied  goals,  for  precisely  the  same  reason,  once 
the  appropriate  modifications  have  been  made. 

The  remaining  rules  are  used  to  decompose  complex  formulas  into  simpler  ones.  To  decompose 
a  goal  of  the  form  <p  A  4’>  we  make  use  of  the  fact  that  <p  A  4>  is  true  at  some  point  in  a  plan  if  and 
only  if  p  and  if-  are  both  true  at  that  point.  This  leads  to  the  following  rule  for  conjunctive  goals: 

Rule  4.  If  (<p  A  4',  v)  is  a  goal  on  the  agenda,  remove  ( <p  A  4',  v)  from  the  agenda  and  insert 

{y 5,i’)  and 

It  is  recommended  that  this  rule  be  applied  regardless  of  whether  <p  A  4’  is  satisfied  or  not,  as  p 
and  V'  may  then  be  considered  separately  at  later  stages  in  the  synthesis  process. 

For  disjunctive  goals,  we  can  make  use  of  the  assumption  that  the  initial  state  is  completely 
known.  As  a  result,  <p  V  4’  is  true  at  some  point  in  a  plan  if  and  only  if  either  <p  or  4>  is  true  at  that 
point,  or  both  are  (note  that  this  does  not  necessarily  hold  w»hen  the  initial  state  is  not  completely 
known  as  f{0}(p  V  4')  can  be  true  without  either  V{0}<p  or  r{8}4’  being  true).  This  gives  us  our 
fifth  rule: 

Rule  5.  If  (<p\J4>,v)  is  an  unsatisfied  goal  on  the  agenda,  remove  (pV^r)  from  the  agenda 

and  insert  either  (< ptv )  or  (-0,  v). 

The  rule  for  goals  involving  implication  is  merely  a  special  case  of  the  preceding  rule,  since 
<p  —  4’  is  equivalent  to  -<  <p  V  4)- 

Rule  6.  If  {p  — <■  4',v)  >s  an  unsatisfied  goal  on  the  agenda,  remove  { <p  —*  4>>v)  the 

agenda  and  insert  either  {-i  <p,v)  or  {4>,v). 
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The  rule  for  goals  involving  the  equivalence  connective  is  obtained  from  Rules  4  and  5  by 
making  use  of  the  fact  that  <p  •«-*■  ijj  is  equivalent  to  (<p  A  V  (->  <p  A  -1  if). 

Rule  7.  If  (p  «-*■  i>,v)  is  an  unsatisfied  goal  on  the  agenda  then  remove  (<p  «-»■  ip,v)  from  the 
agenda  and  insert  either  {<p,v)  and  or  {^p,v)  and 

For  quantified  goals,  we  can  make  use  of  the  assumption  that  every  object  in  the  world  has 
a  standard  name  (i.e.,  there  is  a  constant  symbol  denoting  that  object  at  every  point  in  a  plan). 
Because  of  this  assumption,  if  { e  1 , . . .  ,en)  is  the  set  of  standard  names  of  all  objects,  then  Vx  p(x) 
is  true  if  and  only  if  p(a )  is  true  for  all  e,-  £  (ei, . . . ,  e„},  and  3xp{x)  is  true  if  and  only  if  p{ti] 
is  true  for  some  et-  £  { e  1 ,  . . . ,  e,,}.  Unsatisfied  goals  of  the  form  Vx  <p(x)  are  handled  by  separating 
the  cases  for  which  <p(c,- )  is  false  from  those  for  which  p{ei)  is  true  in  a  manner  that  permits  each 
false  case  to  be  considered  individually: 

Rule  8.  If  (Vj^(x),u)  is  an  unsatisfied  goal  on  the  agenda  and  £>(et)  is  false  at  vertex  t>  for 
each  standard  name  e,-  £  { e,-, , . . . ,  e,-m  },  then  remove  {Vx  <p(x),  v)  from  the  agenda  and  insert 
{vrie,,).  v),  and  (Vx(x  =  efl  V  ■  •  •  V  x  =  e,m  V  p{x)\  v). 

An  example  of  the  use  of  Rule  8  may  be  found  in  the  block-stacking  example  appearing  in  Section 
3.1.  In  that  example,  no  block  may  be  on  top  of  block  A  when  Put(A,  B)  is  performed.  However,  this 
requirement  is  not  satisfied,  given  the  plan  of  placing  B  on  top  of  C  and  then  A  on  top  of  B.  This  is 
because  O'  is  on  top  of  A  both  in  the  initial  state  and  after  Put-(£?,  C).  Therefore,  we  would  use  Rule 
8  to  decompose  Vi  ->  On(i,  A)  into  ->  OnjC,  A)  and  Vi  (z  =  CV-1  On(i,  A)).  The  subgoal  ->  On(C,  A) 
would  then  be  achieved  by  inserting  a  new  operator  Put(C,X)  and  protecting  ->On(C',A)  in  the 
interval  between  the  Put^C,  A')  and  the  Put(A,  B)  operators.  The  subgoal  Vs  (2  =  C  V  ^  On(ir,  A)) 
is  serendipitously  true  and  no  further  action  need  be  taken  to  achieve  it. 

For  nn  unsatisfied  goal  of  the  form  ^x<p(x),  we  must  make  £>(e,-)  true  for  some  standard  name 
e,-.  From  the  standpoint  of  minimizing  the  search  space,  it  would  be  preferable  to  defer  the  choice 
of  by  introducing  a  variable  as  a  placeholder  for  the  appropriate  e,-  and  then  instantiating 
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this  variable  at  some  later  point  in  the  synthesis  process.  The  mechanisms  needed  to  handle 
instantiation  variables,  hoAvever,  are  beyond  the  scope  of  this  report  and  are  covered  in  my  thesis 
[8].  To  keep  our  planning  technique  simple,  we  will  explicitly  consider  each  and  every  choice  for 

dj. 

Rule  9.  If  (3z  ^(z),  t')  is  an  unsatisfied  goal  on  the  agenda  and  {ej,...,en}  is  the  set  of 
standard  names  of  all  objects  in  the  world,  then  remove  (3x  <p(x),  v)  from  the  agenda  and 
insert  {'^(e,-),  t>)  for  some  e,  6  {et, . . . ,  e„}. 

The  remaining  rules  deal  with  negated  goals.  They  are  obtained  from  the  previous  rules  in 
an  obvious  fashion  by  making  use  of  Dc  Morgan's  laws  and  similar  theorems  of  first-order  logic. 

Rule  10,  If  A  p),  v)  is  an  unsatisfied  goal  on  the  agenda,  remove  (->(9?  A  tl’),  v)  from  the 
agenda  and  insert  either  (~"p,v)  or 

Rule  11.  If  (-'(<p  V  ip),  v)  is  a  goal  on  the  agenda  (be  it  satisfied  or  not),  remove  {-•{<pV  i'),v) 
from  the  agenda  and  insert  (~<ip,v)  and  (->V',v). 

Rule  12.  If  {~‘(<p  — ' ►  i}>),  v)  is  a  goal  on  the  agenda  (be  it  satisfied  or  not),  remove  (-> (<p  —> ►  t>),  t») 
from  the  agenda  and  insert  {<p,v)  and  (-> ij>,v ). 

Rule  .13.  If  (-■('p  ■*-*  i'),  v)  is  an  unsatisfied  goal  on  the  agenda,  remove  *-►  ib ),v )  from 
the  agenda  and  insert  cither  (~'<p,v)  and  {i’,v)  or  (<p,  v)  and 

Rule  14.  If  (->(Vz  <p{x)),  v)  is  an  unsatisfied  goal  on  the  agenda  and  if  (ej , . . . ,  en}  is  the  set  of 
standard  names  of  all  objects  in  the  world,  remove  (->(Vx  <p{x)),  v)  from  the  agenda  and  insert 
(->  £>{ej),  u)  for  some  t ,  1  <  1  <  n. 

Rule  15.  If  {- >{3x  £(z)),u)  is  an  unsatisfied  goal  on  the  agenda  and  -1  p{ei)  is  false  at  vertex  v 
for  each  standard  name  e.t-  E  {e,-,, . . . ,  e,m },  remove  {-’(3x  p(x)),  v)  from  the  agenda  and  insert 
{“■  pUi^v), .  <p{eim),v),  and  (Vx(x  =  e.h  V  V  x  =  e.im  V  ~'<p{x)),  v). 
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3.3  AN  EXAMPLE 

To  illustrate  how  a  plan  would  be  synthesized  by  applying  the  rules  just  introduced,  let  us 
formulate  and  solve  the  briefcase  problem  discussed  earlier.  The  reader  will  recall  that  there  arc 
three  objects,  a  briefcase,  a  dictionary  and  a  paycheck,  and  two  locations,  the  home  and  the  office. 
Each  object  is  at  one  of  the  two  locations;  furthermore,  the  dictionary  and  the  paycheck  may  be 
in  or  out  of  the  briefcase,  in  our  formulation,  we  will  have  five  constant  symbols,  B,  D,  P,  H  and 
O,  corresponding,  respectively,  to  the  briefcase,  dictionary,  paycheck,  home,  and  office.  We  will 
also  have  two  relation  sj'mbois,  ‘At’  and  ‘in’.  ‘At’  is  a  binary  relation  such  that  At(i,y)  is  true 
if  and  only  if  object  i  is  at  location  y,  and  ‘In'  is  a  unary  relation  such  that  In(i)  is  true  if  and 
only  if  object  i  is  in  the  briefcase.  Initially,  the  three  objects  are  at  home;  the  paycheck  is  in  the 
briefcase  but  the  dictionary  is  not.  Therefore,  the  initial  state  description  F  contains  the  following 
formulas: 

(1 )  ei  7^  ej  for  all  et ,  e2  E  {B,  D,  P,  H,  0}  such  that  et  and  t2  are  distinct 

(2)  Vi  (i  —  B  V  x  =  D  V  x  =  P  V  x  =  H  V  x  =  O) 

(3)  Vi  y  (At(i,  tj)  *-*  [(i  —  B  V  x  =  D  V  x  =  P)  A  y  =  H]) 

(4)  Vi (!n(i)  <-*•  x  =  P). 

The  formulas  defined  in  Item  (l)  assert  that  B,  D,  P,  H  and  O  represent  distinct  entities,  and  the 
formula  in  Item  (2)  asserts  that  these  are  the  only  entities  in  existence.  Formula  (3)  asserts  that 
the  only  entities  that  have,  locations  are  B,  D  and  P,  and  they  are  all  at  II.  Finally,  (*1)  asserts 
that  the  only  entity  in  the  briefcase  is  P. 

Our  objective  is  to  have  the  briefcase  and  the  dictionary  at  the  office,  and  the  paycheck  at- 
home.  Therefore,  the  goal  description  consists  of  the  formulas  At(£?, O),  At (D,0)  and  At (P,H). 
To  achieve  these  goals,  we  may  put  objects  into  the  briefcase,  remove  objects  from  the  briefcase, 
and  move  the  briefcase  between  the  two  locations.  We  will  therefore  have  three  operator  schemata, 
Put-In(i),  TakeOut(i)  and  MovB(/),  corresponding  to  the  three  allowable  actions.  These  schemata 
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are  defined  as  follows: 

Putln(z) 

PRECOND:  3z(At(z,  x)  A  At{B,  a:)) 

ADD:  In(p)  for  all  p  such  that  p  =  z 

TakeOut(z) 

PRECOND:  3x  (At(z,  x)  A  At(B,  z)) 

DELETE:  In(p)  for  all  p  such  that  p  —  z 

MovB  (/) 

ADD:  At(p,  q)  for  all  p,  q  such  that  q  =  l  A(p  —  B  V  ln(p)) 

DELETE:  At(p,  q)  for  all  p,  q  such  that  7  ^  /  A  (p  =  5  V  In(<7)) 

Putin) z)  causes  In(z)  to  become  true  and  requires  as  a  precondition  that  z  and  B  be  at  the  same 
location.  TakeOut(z)  causes  In(z)  to  become  false  and  also  requires  as  a  precondition  that,  z  and  B 
be  at  the  same  location.  MovBf/)  causes  the  briefcase  and  everything  in  it  to  be  moved  to  location 
/.  Unlike  Putln(z)  and  TakeOut(z),  MovB(/)  has  no  precondition  and  may  be  applied  in  any  state. 
If  the  briefcase  and  its  contents  are  already  at  location  /,  MovB(/)  has  no  effect. 

The  initial  partial  plan  is  illustrated  below.  The  initial  state  is  depicted  graphically  and  the 

goals  are  simply  listed  above  the  goal  vertex.  In  general,  goals  on  the  agenda  will  be  listed  above  the 

appropriate  vertices  and  entries  in  the  protection  set  will  be  indicated  by  labeling  the  appropriate 
edges. 

H 

At  (BtO) 

At  (D,0) 

At  {P,H) 

Initial  Goal 

State  State 

In  this  partial  plan,  At {P,H)  is  satisfied  but  At(£?,0)  and  At(£>,0)  are  not;  in  other  words, 
r{}At(P,//)  holds  but  T{}At(B,0)  and  r{}At(Z),0)  do  not.  Rule  2  can  therefore  be  applied  to 
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either  At(B,0)  or  At(0,O).  It  does  not  matter  which  we  choose  to  work  on  first;  therefore,  let 
us  arbitrarily  choose  At(B,0).  Since  At(B,0)  is  false  in  the  initial  state  and  we  are  starting  with 
the  empty  plan,  we  can  rule  out  protecting  At(B,  0)  from  the  initial  state  or  forcing  an  existing 
operator  to  make  At(B,0)  true.  Therefore,  we  have  no  choice  but  to  insert  an  operator  to  make 
At(F.O)  true.  SAl(p ^  and  EAl(p |ff)  are  both  FALSE  since  both  aAt(p  ^  and  aAt(p?)  are 
FALSE.  Hence,  neither  Putln(,c)  nor  TakeOut(z)  can  make  At(B,  0)  true.  However, 


C1  “  ««'aw(p,l)  =  [?  =  I A  (p  =  B  V  ln(p))l. 


Therefore, 

s^gj  =[0  =  /A(B  =  BV  In(B))l 

=  (O  =  0- 


Hence,  the  only  operator  that  can  make  At(B,  0)  true  is  MovB(0).  Inserting  MovB(O)  into  the 


plan  produces  the  following  plan: 


H 


P 


D 


Initial 

State 


At(0,O) 

_ AX.jP,  H) 

MovB(O)  \  Goal 

\  State 

At(B,0) 


Note  that  no  additions  were  made  to  the  agenda,  since  the  precondition  for  MovB(O)  is  TRUE 
and  =  (O  =  0)  =  TRUE  (TRUE  is  always  true  and  thus  need  not  he  placed  on  the 

agenda).  At(B.O),  however,  was  removed  from  the  agenda.  This  is  reflected  in  the  diagram  by 
removing  At(B,0)  from  the  goal  vertex. 

In  the  above  plan,  both  At(B,0)  and  At (P,H)  are  unsatisfied.  Choosing  to  work  on  At(D,0) 
first  and  applying  Rule  2,  we  find  that  At(0,0)  is  not  true  in  the  initial  state;  consequently,  we 
must  either  insert  a  new  operator  to  make  At (D,  0)  true  or  force  an  existing  operator  to  make 
At(B,0)  true.  and  X'At(D<o)t^  are  both  FALSE,  but 


EahSo)  =  [0  =  /  A  (0  =  B  V  In(B))]. 
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Since  D  B  in  the  initial  state  and  none  of  the  operators  changes  the  interpretations  of  either  D 
or  B.  simplifies  to 

Sa7dB0)  -  (O  =  (AND))- 

Hence,  the  only  operator  that  can  make  At (D,  O)  true  is  MovB(O).  Therefore,  we  must  either  insert 
a  new  MovB(O)  operator  or  force,  the  existing  MovB(O)  operator  to  cause  At(£>,  O)  to  become  true. 
Choosing  to  do  the  latter,  and  being  prepared  to  backtrack  if  this  does  not  work  out,  we  obtain 
the  following  partial  plan.  Note  that  ln(X?)  is  added  as  a  secondary  precondition  to  MovB(O),  since 
simplifies  to  In(T>). 

H 


B 

0  D 

Initial 

State 


In  (D) 


MovB(O) 


1 


At(P,H) 

Goal 

State 


At(B,0) 
At (D,0) 


la  this  partial  plan,  both  In(D)  and  At (P,H)  are  unsatisfied.  Choosing  to  work  on  lu(£>)  first 
arid  applying  Rule  2,  we  find  that  In(D)  is  not  true  in  the  initial  state  and  there  are  no  operators 
preceding  MovB(O)  in  the  partial  plan.  Therefore,  our  only  option  is  to  insert  a  new  operator  to 
make  In(Z^)  true.  E'^£))0ut'^  and  are  both  FALSE,  but  =  (D  —  z).  Therefore, 

Putln(jD)  is  the  only  operator  that  can  make  In(Z?)  true.  Inserting  PutIn(.D)  gives  us  the  following 
partial  plan.  Note  that  (At(jD,  x)  A  At(£?,  *))  is  placed  on  the  agenda,  as  it  is  a  precondition  for 
Putln(D). 


II 

B 

0  D 

3x  [At(£>,  x) 

A  At(B,  x)| 

O  r  n . 

At  (P,H) 

Initial 

State 

Putln(D) 

MovB(O)  \ 

In(Z>)  At  {B,0) 

At  (D,0) 

Goal 

State 
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In  this  plan,  3z  (At(£>,  z)  A  At(B,  a;))  is  satisfied  but  At (P,H)  is  not.  Applying  Rule  2  to 
At(F,  H).  we  find  that  either  we  can  protect  At(F,  H)  from  the  initial  state,  since  it  is  true  initially, 
or  we  can  insert,  a  neiv  operator  MovB(H)  with  secondary  preconditions  In(F),  since  = 

[H  =  /Aln(F))  and  ^  =  FALSE.  Choosing  to  do  the  former,  and  preparing 

to  backtrack  if  necessary,  we  obtain  the  following  partial  plan: 


H 


B 

P 

D 

. * 

3i[At(F,i) 

A  At(B,  x)] 

-In  (F) 

- ^ 

Initial 

l  Putln(F) 

1  MovB(O) 

'I  G03I 

State  __ 

1 

J 

\  State 

At  (P,H) 

HD) 

At  [D.O) 

At  (P,H) 

At(Z),C>) 

At(P,//) 


Note  that,  in  protecting  At (P,H)  from  the  initial  state,  -<ln(F)  is  added  as  a  secondary  precon¬ 
dition  for  MovB(O),  since 


jpMovB(O) 
11  Al (P.H) 


^[H^O  A(P  =  BvIn(P))l 

-  In(P) 


No  other  preconditions  are  imposed  on  Putln(D),  since  P 


Putln(r>) 

At  (P,H) 


TRUE. 


At  this  point,  only  -'ln(F)  is  unsatisfied.  Applying  Rule  3,  we  find  that  our  only  option  is  to 
insert  a  new  operator  TakeOut(F)  either  before  Putln(D)  or  after  Putln(D).  Choosing  to  do  the 
latter,  and  preparing  to  backtrack  if  necessary,  we  obtain  the  following  partial  plan: 


H 


B 

P  D 

O  > 

Ex  [A t(Z),  x ) 

A  At(S,  2:)] 

Ex  [At(F,  x) 

A  At(B,  x)J 

Initial  1 

State  \ 

At(PM) 

Putln(F) 

T 

In(F) 

At  [P.H] 

TakeOut(F) 

X  MovB(O) 

HD) 

At  (P.H) 

-HP) 

't  Goal 

\  State 

At(B,0) 

At(Z>,0) 

At(P,//) 

All  outstanding  goals  on  the  agenda  are  now  satisfied.  Therefore,  the  plan  just  explicated, 
which  consists  of  putting  the  dictionary  into  the  briefcase,  removing  the  paycheck  from  the 
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briefcase,  and  then  bringing  the  briefcase  to  the  office,  satisfies  all  of  our  goals,  preconditions, 
and  protections. 
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